In the News

Voice recognition is undeniable proof that we live in the future, and it makes daily life more convenient. But what’s the downside for always-on devices that constantly listen for commands?

It’s just that: They’re always listening. Nearly all voice-activated technology uses microphones that listen for “wake words” or other vocal cues. It also means companies like Apple, Facebook and Google hear all your commands and can potentially pick up conversations if your device thinks it hears the wake word. And these devices are accidentally activated far more often than you might think.
Security Cameras, Smart Speakers, Connected Light Bulbs

Well, now we know some examples of privacy faux pas, since they’ve been documented. Within the last week, we saw Xiaomi home security cameras “accidentally” sending video feeds to strangers’ Nest Hubs. They called it a “bug” — oopsies! Perhaps Vizio and Samsung smart TVs listening to your conversations were not an oopsies; it was a feature! Further, we’ve seen repeated, documented examples of Ring camera hacks, where hackers gained access to video feeds inside and outside the home and in one-case, the hacker told an 8-yr old girl he was Santa Claus. Smart lightbulbs have been shown to leak Wi-Fi passwords and smart plugs have been documented being used as a jumping off point for hackers to get into your home or office networks. These security issues are not new at all. Everyone has heard of the examples of hacking home networks via connected printers, which have been around a lot longer than IoT devices.
Attention! If you use Amazon's voice assistant Alexa in you smart speakers, just opening an innocent-looking web-link could let attackers install hacking skills on it and spy on your activities remotely.

Check Point cybersecurity researchers—Dikla Barda, Roman Zaikin and Yaara Shriki—today disclosed severe security vulnerabilities in Amazon's Alexa virtual assistant that could render it vulnerable to a number of malicious attacks.
Avoid IoT-based network solutions like Amazon Alexa Echo

There is no doubt that a connected home, courtesy of the latest Internet of Things (IoT) technologies, is convenient. And while it might be front and center of your decision to install IoT-linked devices, the flipside is that the brands that manufacture the interconnected devices often have agreements with US state and federal governments to hand over your data.
The ongoing joke around smart home devices is that they are spying devices that people opt to put in their homes and offices. Various companies have always denied this, saying that the devices are only triggered using “wake words.”

As it turns out, that’s not always true.
Either we've become so complacent with the presence of our smart home devices like Google Home or Amazon Alexa, or we've decided that being able to turn on our smart lights by shouting at a device is worth the price of our privacy. From purported eavesdropping to using collected data to sell you things, the bottom line is that they are listening.
Is the Vacuum Spying on You?

Here’s how it could work in theory (or reality, really). Hackers could use your vacuum for home recon, eavesdropping, video surveillance, and potentially even to crack into your IP address and gain your home’s location. Stalkerware is an umbrella term given to software or apps that allow a victim's devices to be monitored by a third-party, including their location and what information they access online.
Google has promised changes to its advertising practices after the company was found to be promoting the use of so-called "stalkerware".

From August 11, Google says it will update its Google Ads Enabling Dishonest Behavior policy to enforce a global ban advertising for spyware and surveillance technology.

Stalkerware is an umbrella term given to software or apps that allow a victim's devices to be monitored by a third-party, including their location and what information they access online.
You probably don't have a lavish getaway planned any time soon—for obvious reasons—but whenever you do travel again, you might have one more threat to worry about: vacation spies.

A 2019 study by financial services firm IPX1031 revealed that in a survey of 2,000 American travelers, 58 percent were worried that their rental host had hidden surveillance equipment installed, and it turned out 11 percent of respondents said they actually have found a hidden camera in one of their rentals in the past. In some cases, travelers even found cameras pointed at bathrooms, where people commonly undress.
Here’s a look at five gadgets found in most homes today that are probably listening in to your conversations.
While it may seem a foregone conclusion that inviting Alexa into your home is inviting an invasion of privacy, there are several settings you can adjust on your favorite Echo speaker to lower the risk.
You are being stalked everywhere you go. In your car. On your morning walk. Even in your own home—by your own TV.

The problem is that while corporations and data brokers are hoovering up all the information they can get their sticky mitts on, there are no laws governing what they can do with that information—or whom they can sell it to. That includes things you thought were private, such as health and financial data, as well as your beliefs and daily habits.

Yet we do little to block the spies. We click “I Agree” without reading the user agreements. We say we’ll do one of those privacy checkups one day, but we never quite get around to it.

Alexa is always eavesdropping. (So are Siri, Google Assistant, and any other virtual assistant you invite into your home.)
You’re being observed 24/7

Smart devices collect a lot of data, including audio, images, video, medical information, and personally identifiable information.

Often, data is collected 24/7. If that's not enough — once your data is collected, it doesn’t always remain within the company that has collected it. In certain (not-so-rare) cases, it ends up with various third-parties who may or may not treat your information responsibly.
"From a privacy standpoint," Santanen says, "it's hard to distinguish between a phone and an ankle monitor."

"It's easy to create an electronic blueprint of emotional cues to “push people’s buttons," Santanen said.

For true privacy, there's no alternative to staying off social media, Santanen said.

Santanen suggests that people avoid those personality quizzes on social media and never save a password. Use one browser to log into services like Google, and another one for everything else.

"Any feature that provides to you convenience is going to rat you out for your privacy," Santanen said.
Lawyers working outside the purview of their firm's IT department worry they may expose clients' sensitive information when phone calls are made around internet-connected appliances.

"Unplugging IoT devices when making client calls isn’t irrational, but practical for mitigating risk..."
At a time when many Americans believe their personal information is less secure and are concerned with how companies and the government use their personal data, a substantial share of the public has opted out of using a product or service because of privacy concerns, according to a Pew Research Center survey conducted June 3-17, 2019.
One of the byproducts of doing all your work from home is that you might be discussing confidential matters. And who might overhear them? Well, there's your smart speakers.....
Internet-connected thermostats, locks, and other devices are popular, but also raise concerns about data security.

When Jeffrey Kaye noticed the box full of electronics bolted to the wall of his Woburn apartment, he wasn’t pleased. When he found out what the box was for, Kaye was furious.
During an interview with the BBC last year, Google’s senior vice-president for devices and services, Rick Osterloh, pondered whether a homeowner should disclose the presence of smart home devices to guests. “I would, and do, when someone enters into my home,” he said.
After owners of baby monitors were hacked by cybercriminals, there are fears the high-tech devices we rely on so much can actually be used to spy on us:
  • Smart speakers
  • Baby monitors
  • Laptops
  • Smartphones
  • Smart home apps
  • Social media
A Queens lawmaker is introducing a bill to protect domestic violence victims from abusers who harass and stalk them “Big Brother” style.
Hey, Google! Alexa! Are you recording my private conversations? If you ask your smart speaker that question, the voice-enabled assistants will deny invading your privacy. But researchers now have a scientifically proven answer: Yes they are.
Biggest IoT study ever finds “smart” devices hoover up a universe of user behavior data and share it with a laundry list of global third parties, frequently with little transparency to the end user.
Amazon's Ring for Android app is loaded with third-party trackers harvesting a "plethora" of customer data, a new investigation claims —and an Amazon engineer for the product wants it completely shut down.

The Electronic Frontier Foundation has discovered that third-party tracking software within the Ring doorbell app is sending customer data to four analytics and marketing companies, including Facebook, Google, MixPanel and AppsFlyer.
This year, more than 20 billion connected devices will be installed worldwide, including sexual technology products with applications that monitor orgasms, save vibration patterns or allow you to connect with your long-distance partner's pleasure device. Since most operate through a Bluetooth connection and with an application, violations are possible and even probable.
To find out how consumers address cybersecurity and privacy risks of connected devices in their homes, ESET, in September 2019, surveyed 4,000 people – 2,000 in the United States, 2,000 in Canada.

Overall, the results show a large disconnect between what people say they do to protect themselves and what they are actually doing in practice.
NEW YORK (AP) — Did someone invite a spy into your home over the holidays? Maybe so, if a friend or family member gave you a voice-controlled speaker or some other smart device.

It’s easy to forget, but everything from internet-connected speakers with voice assistants such as Amazon’s Alexa to television sets with built-in Netflix can be always listening — and sometimes watching, too. As with almost all new technology, installing such devices means balancing privacy risks with the conveniences they offer.
America’s increasingly connected homes will soon be even more plugged in as electronic holiday gifts — smart speakers, TVs, thermostats, video doorbells, even smart pet feeders and litter boxes — are installed.

Because many of these Internet of Things (IOT) devices have microphones and cameras that are always online, they’re an inviting target for hackers who can use them to spy on us.
How to make money selling TVs — resell our data
That's the good news. The bad: to turn a profit, manufacturers now make up the difference by selling your viewing habits to data brokers, letting them know what shows and networks you watch, your demographic and real estate locations and more.
KEY POINTS
  • The last 10 years have seen the launch of internet-connected devices by Amazon, Google, Apple and others that can monitor, record and listen to our daily activity.
  • These devices pledge to simplify our lives and entertain us. But in the background, they amass all kinds of data, which advocates worry could threaten users’ privacy and security.
  • Consumers are increasingly waking up to these risks and are starting to demand more control over how their data is used, while regulators are racing to enact federal privacy laws to limit data collection.
In a 700-page book, the Harvard scholar skewered tech giants like Facebook and Google with a damning phrase: "surveillance capitalism." The unflattering term evokes how these companies vacuum up the details of our lives, make billions from that data and use what they've learned to glue our attention more firmly to their platforms.
How the world’s biggest companies got millions of people to let temps analyze some very sensitive recordings
This weekend, many folks will be poring over retail circulars, online ads and promotions, doing their research to get ahead on the best deals for Black Friday gifts. But before you brave the Thursday/Friday lines and/or click the buy button on a great deal, we ask you to take a minute and consider the downside of the digital age — your privacy.
“It’s scary that they’re listening to you, and you don’t know when,” said Dena Rakarich of Monaca. She was brave enough to allow us to listen as she discovered for the first time what her Amazon Alexa device has been recording in her home. “God, it records everything!” said Rakarich.
A lot of this advice goes beyond the Echo/Google concern and into the use of connected devices more broadly. But broadly understanding what any device they bring into their house can do, who has access to it, what they can do with it, and whether or not that device is worth the potential risk, is something kids (and adults!) should be able to do.
Protecting our privacy and security in this day and age entails addressing not just the physical world but also the digital one. In this world, “no trespassing” takes on a whole new meaning.
Any device that's connected to the internet can be exploited in some way, says Amie Stepanovich, IoT security expert and executive director of the Silicon Flatirons Center at the University of Colorado. Part of the risk in smart sex toys and other IoT products, she says, is that the internet is integrated into industries that don’t have much expertise in cybersecurity.
In recent years, consumers have expressed fears that their smartphones could be listening to them. According to a new report published in Journal of Cyber Policy, such fears are justified.

But it goes much further than that.
For smart home devices to respond to queries and be as useful as possible, they need to be listening and tracking information about you and your regular habits. When you added the Echo to your room as a radio and alarm clock (or any other smart device connected to the Internet), you also allowed a spy to enter your home.
A new study has once again found that most “internet of things” (IOT) devices routinely deliver an ocean of sensitive data to partners around the world, frequently without making these data transfers secure or transparent to the end user.
This article looks at nine threats to privacy that have recently emerged and explores what hope there is, if any, for personal privacy in the future.
What the researchers found was astounding – 72 of the 81 IoT devices shared data with third parties completely unrelated to the original manufacturer.
Google and Facebook are easy scapegoats, but companies have been collecting, selling, and reusing your personal data for decades, and now that the public has finally noticed, it’s too late. The personal-data privacy war is long over, and you lost.
As families around the world excitedly gobble up devices that connect to the Internet of Things (IoT), home life is starting to look more and more like an episode of The Jetsons.
...Because Alexa and Google Home and every other gewgaw that has the word “smart” in front of it, every service that has “personalized” in front of it is nothing but supply chain interfaces for the flow of raw material to be translated into data, to be fashioned into prediction products, to be sold in behavioral futures markets so that we end up funding our own domination...
Multiple contractors working for Microsoft explain how they listened to audio captured by Xbox consoles.

The former contractor said most of the voices they heard were of children.
Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating legislation enforcing security measures?
We’ve gotten used to trading personal information for tailored ads and letting devices into every part of our lives for convenience. But, as we develop these habits and make these trade-offs, what does it mean for our kids?
...Amazon wants to know every time the light is turned on or off, regardless of whether you asked Alexa to toggle the switch. Televisions must report the channel they’re set to. Smart locks must keep the company apprised whether or not the front door bolt is engaged.
But life inside the home, too, is increasingly transparent to watchful outsiders, the result of mushrooming internet-connected devices that consumers are setting up in their dens and bedrooms.
These days we are more connected than ever. Smartphones, smart watches, even smart light switches. But how safe are these devices when it comes to your personal privacy?
When you think of your home environment, do you view it as your sanctuary — the place where you feel the most secure and private?
If you thought stepping on a Lego was bad, consider the new ways in which toys can hurt and harm families.