Smart homes (and cities) have a privacy problem
“I’m your best friend … I’m Santa Claus. You can do whatever you want right now. You can mess up your room. You can break your TV. You can do whatever you want,” came the voice, not down the chimney of a Tennessee home, but through its Ring smart camera.
Last week, the LeMay family reported that the smart camera they had bought to ensure the safety of their eight year-old daughter had been hacked, less than a week after they purchased it, by a stranger who - in the charming parlance of the original local news report - “found a way to manipulate it, turning the security device into a room of horror.”
A hacker may have gained access due to the family not setting up two-factor authentication - according Ring, which released a statement saying that, “while we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring’s security.”
The Amazon-owned IoT security company’s response was repeated this week in response to a Calabasas, California, woman called Tammy, whose Ring security camera began talking to her in a man’s voice, asking her to “show me some [unprintable].” Once again, Ring’s response was that poor password protection, - not their internal system - was at fault.
IoT enabled smart devices are one of the most popular forms of home electronics, with a market that’s predicted to surpass $100bn by the end of 2019, and hit $157bn by 2023. By the start of 2020, there are expected to be more than 200 million smart speakers alone installed around the world - spreading across our kitchen counters like an army of malevolent robot cheese graters - and that's not counting IoT cameras, helpful robots and intelligent fridges.
However, there’s a problematic combination of dangers that smart homes expose their owners to. The first is external; every new IoT device in your house, on your city block, is a potential endpoint for private and state-sponsored hackers. In this case, while the impetus for the highest levels of security possible rests with device manufacturers (particularly where smart city infrastructure in public places is concerned), there is also a responsibility for users who bring smart devices into their homes to educate themselves on cybersecurity best practices (that means using a different password for the camera that records you sleeping and your Club Penguin account, Tammy).
However, any efforts by consumers to preserve their privacy mean about as much as a self-driving wheelie bin trying to go down a flight of stairs like ED-209 if that information is being sold to unknown third parties by the company that made your Amazon Alexa, Ring doorbell or Google Home Hub.
In his book Permanent Record, whistleblower Edward Snowden reflects on one of the defining moments in life - looking at a smart fridge, in a Best Buy of all places. "Where this data that your refrigerator was collecting, that your phone was collecting, that the government was collecting — where all of this data was going was intentionally hidden from us," he said. "We are no longer partner to our technology, in large part, just as we are increasingly, unfortunately, no longer partner to our government, so much as subject to them. And this is a dangerous trend."
Government and corporate data mining is only going to be increased as 5G envelopes our cities and our streets and buildings are packed even more densely with IoT sensors, speakers and microphones. The walls have ears now and, while they’re happy to help order sushi, they’re passing that information along a very shady chain to people who use your private life to drive increased profits.
If smart cities and smart homes are the future of our increasingly interconnected world, governments need to aggressively regulate the way that data is controlled, companies need to be transparent about exactly what they’re doing with your data, and consumers need to make it perfectly clear that the convenience and novelty of having their morning appointments read to you by Samuel L Jackson is not an acceptable trade for the near-complete erosion of their privacy.
There’s a week to go until Christmas and I wouldn’t hold your breath for a new, privacy-focused smart home utopia. Instead, I’d recommend a more lo-fi Christmas gift, like a nice bottle of ultra-high proof Polish grain alcohol like Spirytus Duch Puszczy (£30), a cotton and polyester blended scarf (£22), a lighter (about $1.50 at any good corner shop) and the address of the parking garage where Jeff Bezos keeps his car (priceless).
- 5 mins with Tom Kellermann, cyber security leader at VMwareCloud & Cybersecurity
- Apurva Mehta, CTO at Versa Networks, talks IoT securityCloud & Cybersecurity
- How will IoT bring the outside world into the metaverse?Digital Transformation
- Exec Q&A with Stephen de Vries, IriusRisk CEO and co-founderCloud & Cybersecurity