March 28, 2017

Privacy not promised with smart home devices

Voice-activated, internet-connected personal assistants are all the rage these days. Ask a group of friends what they got for Christmas and at least one will tell you how much they love their new Amazon Echo, Google Home or some equivalent.

This piece of smart home technology is a beautiful thing. But like all good things, there are risks.

There have been several recent instances where investigators seek device data after a crime has happened. Users have found is that the Alexa and Google Home devices are occasionally triggered by sounds on TV or the radio. Police are hoping that an Alexa may have recorded something that might be of use to them after a mysterious murder in Bentonville, Arkansas.

While the most recent battles are around the government having access to this data, the next concern surrounding these smart home devices is hackers.

Previous IoT Device Attacks

Last year’s attack on Dyn—one of several companies hosting the Domain Name System tied to Twitter, Paypal, Netflix and more—using internet-facing webcams proved infected IoT devices can be used to do some serious damage. As Sophos security blogger Bill Brenner puts it, “the end goal is on the same wavelength: the bad guys want to see or hear what you have for personal data so they can use the information to benefit themselves or their cause.”

The Logistics

From a hardware perspective, not much data can be pulled from an actual device. Echoes, for example, have 250MB of RAM on which it can record data. There no easy way to export that data – no USB port or floppy disk drive that you can plug into – and removing the storage would involve delicately removing circuit boards. The RAM can be wiped by just restarting the device. Data stored in the cloud, however, might be more easily accessed by hackers.

What Can Be Done?

If you’re going to use these devices, you’re going to have to accept that 100 percent privacy can’t be guaranteed. A few ways to cut down on the listening, however, include:

  • Muting/turning off your device when you’re not using it
  • Avoid connecting sensitive accounts to it, like ones that are tied to your credit card
  • Erase old recordings – In the case of the Amazon Echo, there’s a handy dashboard in your Amazon account where you can clear your search history.
  • Tighten those Google settings – Like the Echo, Home has a mute button and a settings page online, where you can grant or take away various permissions.

While hackers are always lurking in today’s digital world, taking precaution with how you use your IoT devices and what data is stored in the cloud could help prevent serious damage from being done.

Read the source article from Sophos Naked Security blog here.