Our privacy is losing out to Internet-connected household devices
It’s called the Internet of Things and, judging by all the connected gadgets and appliances unveiled at last week’s Consumer Electronics Show, it’s about to strip you of what little privacy you have left.
Taken piecemeal, there’s much to recommend about the idea of controlling household devices via voice control or smartphone apps. It’s cool having your heater or clothes dryer monitor how much power you’re using, or having your fridge alert you that you’re low on milk.
Put it all together, though, and you have a steady stream of data about your personal behavior that can be combined with other information to provide marketers, insurers and others with extremely intimate portraits of the life you lead when you think no one’s watching.
“There’s definitely a creepiness factor,” said Gilad Rosner, founder of the Internet of Things Privacy Forum, a London think tank. “Things that didn’t Internet before are now Internetting.”
He gave the example of someone having a so-called smart scale in their bathroom. On the plus side, it could transmit data to a smartphone app that enables you to track your weight over various lengths of time and show which foods are having the biggest impact.
“But you might not know where else the information is going,” Rosner told me. “An insurer would want to know if you’re gaining a lot of weight. So would an employer.”
Tom Kellerman, chief cybersecurity officer of Dallas software firm Trend Micro, offered an even more alarming scenario: A hacker could slip in through a poorly protected smart appliance and gain access to your entire home network.
“They could turn on the webcam in your child’s bedroom and watch them,” Kellerman said. “They could turn on all cameras and microphones in all your devices and see and hear everything you do, or shut down your entire network. This could lead to extortion demands.”
These aren’t idle threats. There already have been reports of baby monitors being hacked. A couple in Lacey, Wash., said last year they saw the camera in their son’s room moving and heard a man’s voice say, “Wake up, little boy, Daddy’s coming for you.”
Scary stuff — made all the more troubling by the fact that there’s very little regulation overseeing this fast-growing corner of cyberspace.
I wrote Tuesday about the need for federal authorities to create rules for business’ use of customer data. Rapid advances in connected devices underline the importance of privacy safeguards.
Market researcher Gartner estimates that 6.4 billion connected gadgets will be in use worldwide by the end of this year, rising to almost 21 billion by 2020. Roughly 5.5 million devices are hooked up to the Internet of Things every day.
A highlight of last week’s electronics show in Las Vegas was the Samsung Family Hub refrigerator. It uses your home Wi-Fi network to tell you when certain foods need reordering. It also snaps photos of its contents so you can check from afar that no one’s swiped that last piece of pie.
The Family Hub fridge allows you to order food right from its touch screen, stream music while you cook or turn off all the lights at bedtime.
This is the same Samsung that introduced a voice-controlled smart TV last year that could listen in on conversations in the home while awaiting commands. The company told me that it’s up to users to deactivate the voice-control capabilities if they don’t want their TV eavesdropping on — and transmitting over the Internet to third parties — what’s happening nearby.
Ted Harrington, executive partner with Baltimore consulting firm Independent Security Evaluators, said electronics manufacturers so far have done a relatively poor job of defending smart gadgets from hackers.
“As with many emerging technologies, security is not effectively built into most connected devices today,” Harrington said. “The primary development priority for most manufacturers of connected devices is to build functionality first and foremost.”
Then there’s the question of who owns the data streaming out of your smart gadgets. The answer, most experts say, is not you.
“The manufacturer of the device owns the data,” Harrington said. “Most companies store it, either on premises or in cloud solutions. They mine and analyze the data for usage patterns, ways to improve product performance or user experience, and look for ways to monetize the data.
“In many cases, access to the data or even the data itself is sold to third parties, such as advertisers,” he said. “The user authorizes all of this when accepting the end-user license agreement.”
Susan Etlinger, an analyst with San Francisco tech-research firm Altimeter Group, predicted that control of smart-device data will be the focus of aggressive industry lobbying in years ahead. “You can see this being painfully legislated,” she said.
In the meantime, Trend Micro’s Kellerman said consumers should take some simple precautions as the number of connected gadgets in the home proliferate:
• Strengthen the password for your Wi-Fi router to something hard to hack, using numbers, letters and symbols.
• The default password for each of your connected devices is probably “password.” That’s not good, obviously. Give each gadget a new and unique password — that is, a different password for each device.
• Install mobile security programs on every device that can accommodate them, such as tablets and smartphones. This will help alert you if an attack has been made on your home network.
Finally, Kellerman said, expect the worst — even if you take precautions. “Hackers will inevitably get through if they want to bad enough,” he said.
That’s why he takes an additional precaution in his own home: He doesn’t buy any smart devices.
David Lazarus’ column runs Tuesdays and Fridays. He also can be seen daily on KTLA-TV Channel 5 and followed on Twitter @Davidlaz. Send your tips and feedback to email@example.com.