IoT Insecurity
The joke about IoT is that the ‘S’ is for Security. There is no ‘S’ in IoT, hence there is no security.
The Internet of things (IoT), consists of all the physical devices and appliances that are internet connected (Alexa devices, smart lights, cars, thermostats, industrial machinery, cameras, doorbells, smart fridges and garage doors to name a few).
Many of these devices do not receive updates, let alone security updates, once they leave the factory. This means that when a vulnerability is discovered for one of these devices, it will not get fixed. A hacked smart fridge can lead to your whole home network becoming compromised, meaning internet activity can be captured and manipulated. That cheap internet security camera might not seem like such a good deal when it turns out it doesn’t get updates and has been hacked into and is now being used to spy on you, something that actually happens.
There are documented examples of devices sending personal information and passwords to their manufacturers in China, which is shady at best. This should raise concerns about what devices are accepted into our homes and where they are manufactured.
Smart Assistants
Virtual assistants such as Alexa, Siri and Google Assistant might seem futuristic and handy, but are a privacy nightmare. There are countless horror stories associated with these devices. One person had their Alexa activate itself and say “Every time I close my eyes, all I see is people dying.”
The companies behind these devices have admitted that snippets of what you say are listened to by humans so they can “improve the product”. There are cases where recordings from theses devices have been used in court proceedings. Needless to say, these devices are always listening. This is by design. In order to activate and follow a command (like “Siri, what is this song?”) they have to be in a constant state of “listening” so that they can detect the key word (eg: “Alexa”, “Siri”) and then follow through. This design can, and has, lead to accidental triggers as there are numerous words/phrases that have similar sound patterns to the trigger words.
Smart TVs
Another area of concern is modern Smart TVs/Rokus/Fire TVs. These usually have Hulu, Amazon, Netflix, etc. built into them. A large reason TVs have come down in price is because manufacturers are collecting data about their users and are selling it. The collected data can be used to build accurate profiles on people and it is speculated that TV manufactures make more money from selling data than from selling the actual TV. Some TVs/remotes have microphone in them to control the system, and others even have webcams embedded in them. Both of these bring major security and privacy issues and can be used to track the habits of people using the device. Like other smart devices, many smart TVs largely go without getting updates to fix security issues.
Conclusion
There is no controlling these devices once they are in your home, unless you put them onto a separate network and block some of the connections they make, which is way over the head of the average consumer, and requires regular maintenance.
Set good passwords for any IoT devices you own and regularly check for updates. Before letting an IoT device into your home, consider the privacy and security violations it brings and whether that is worth the tradeoff for the convenience they bring.