Internet of Things (IoT) devices are everywhere. It’s not just our smartphones and laptops that connect to the Internet. Anything from a smart fridge to a smart light bulb can be operated via an app. And there’s little doubt that the number of connected devices will only grow over time.
The appeal of IoT is clear. Who doesn’t want their fridge to automatically re-stock or their lights to turn off at a voice command? But convenience comes at a price: we hear more and more concerns about data privacy and security of connected devices. With IoT appliances, our homes and our bodies are broadcasting a never-ending stream of data. We should start asking who’s on the receiving end of all that information.
Your Apple Watch could be spying on you
UK ministers were reportedly told to leave their fitness trackers behind when attending important Cabinet meetings. Reason? Security experts worried that smartwatches can be hijacked by unauthorized parties and used for espionage. The in-built microphone and sensors can be used to track all kinds of data: from recording conversations to revealing the PINs inserted by the user.
But even if you’re not a VIP attending top-secret meetings, there are still reasons to worry. IoT devices are typically released to the market in six or fewer months since inception. When the time pressure is on, security testing often gets skipped in the development process. Consequently, many connected devices have in-built security flaws that make them vulnerable to cyber attacks.
And if you’ve been paying attention to the news, you know that the tech companies themselves have a complicated relationship with privacy. Over-collection and over-retention of data is the industry standard. You might trust the company you bought your smartwatch from but what if they get acquired by someone else ten years from now? It’s impossible to predict how the data collected today will be used tomorrow.
Who’s listening when you talk to Alexa?
The answer is Amazon employees. In a big scandal earlier this year, it was revealed that Amazon workers actually listen to Alexa recordings. It’s part of the AI training: teaching the algorithm to better understand human speech and give more relevant suggestions in the future.
Even when done in the name of improving the services, it’s still disturbing to have someone eavesdrop on your most intimate moments. Luckily, you can opt out from being part of the research in the Alexa privacy settings. But how many people were spied on by Amazon before the media brought this issue to our attention? Probably quite many.
Amazon employees are not your only worry if you own a smart home system, though. Security experts showed that hacking Alexa or a similar system isn’t as hard as it should be. Even some baby monitors were shown to be vulnerable to hacking attacks, to parent’s understandable horror.
Luckily, your smart home appliances are easier to secure than the wearables you use on the go. To keep your Alexa safe from hackers, you can use a VPN to protect your home network. VPN, or Virtual Private Network, will encrypt the internet traffic on all your connected devices, making it harder for third parties to spy on your sensitive data.
The terrifying future of IoT medical devices
The Internet of Medical Things takes issues of device security to a whole other terrifying level. Technology is transforming the healthcare system and connected devices are becoming a key element. Medical IoT devices can automatically administer life-saving medicine and allow doctors to monitor the patient’s health remotely.
Unfortunately, these devices are not exempt from any of the security flaws that other IoT devices have. Researchers proved that by successfully hacking a pacemaker and an insulin pump. In a dark twist of events, could hackers take control over medical devices to request ransom from the victims?
Is the law protecting us?
There are no specific laws around IoT device privacy in the US, although plans for such legislation were just launched by the Digital Minister Margot James. The European Union is slightly ahead, with General Data Protection Regulation (GDPR) outlining rules around IoT in particular. Unfortunately for us consumers, IoT devices are advancing faster than the legal framework regulating them.
We shouldn’t have high hopes for the tech industry to self-regulate in the meantime. Data is the most valuable currency of this century and we can be sure that the manufacturers will extract as much of it from us as possible. Hiding behind blanket statements like “improving customer experience”, Amazon and other IoT producers will continue to collect our sensitive information.
Guest post by
Brad Smith is a technology expert at TurnOnVPN, a non-profit promoting a safe, secure, and censor-free internet.
He writes about his dream for a free internet and unravels the horror behind big techs