Is your smart fridge spying on you? If your digital assistant is listening all the time, is it also recording what it hears?
These are just some of the questions people are asking now that all types of wireless devices, from TVs to health care monitors, are connected to the internet and managing our lives.
Whether you should be paranoid or not largely depends on whether a digital assistant or smart device has a full range of capabilities or is a single-purposed “internet of things” device, said cybersecurity expert John Dickson, principal at Denim Group, a secure-software development firm.
The internet of things, more commonly seen as IoT, is the network of physical objects and devices that gives people access to enormous amounts of data and the ability to exchange and use that data.
“Digital assistants such as Alexa and Siri have a broad set of capabilities, including the ability to listen passively,” Dickson said. “People should be a bit more cautious about digital assistants, managing them like the powerful computing devices they are.”
Because these devices are so connected and processing our data, it’s a must that basic security and privacy settings are implemented. That starts with changing one’s default — or easily guessed — passwords, Dickson said.
“People are well-served to fully understand the capabilities of any devices they introduce into their homes,” he said. “Simply unpacking IoT devices, plugging them in, turning them on and attaching them to your home network can create tons of unanticipated problems downstream.
“Remember, most of the companies who create these devices have business models that use customer behavioral data for profit, so they are likely to capture more data than people thought.”
Technically, smart devices that collect data that are sent and used by companies is not spying. If you’re using these devices you most likely agreed to terms of service and privacy policies — you read those, right?
If data are being stored on the cloud, who can see it?
“This really depends on the devices and settings on each device,” Dickson said. “Users should be mindful of these settings and periodically take inventory of what they have in place and how much of that data is being pushed to the cloud, which likely is most of it.”
Users should pick a date each year to inventory what settings their devices have in place and what data the device is storing.
“The thing to remember here is that you store information in the cloud so you can access it when you need it, which is an incentive for managing storage in the cloud,” Dickson said.
While these devices provide people with a range of capabilities at reasonable price points, it’s important to remember that if not configured securely, these very powerful systems can most certainly be used against you, Dickson said.
“Seriously, understand the capabilities of what you’re introducing into your home environment, change the default passwords and don’t just slap it on your home network,” he said. “Do it right the first time to save yourself a ton of aggravation in the future.”