In the News

Disclosed by security vendor Mandiant, the vulnerability impacts IoT devices that are powered by ThroughTek’s Kalay platform, which is often used by IoT camera manufacturers, as well as in smart baby monitors, and Digital Video Recorder (DVR) products.

“This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality,” explained Mandiant.
Because tech items like smart speakers, TVs, thermostats, video doorbells, and more sometimes have microphones or cameras that are always online, this could be an invitation for hackers to listen in.
Amazon is introducing a new feature that could have major implications for Americans’ data privacy. Amazon Sidewalk is a wireless network that connects Echo, Ring, and other smart home devices. It will automatically turn on for all owners on Tuesday, June 8 unless they opt-out. As a result, some government officials and data privacy advocates are sounding the alarm on the new provision.
There are “spying eyes” everywhere and you likely have some at your own house. Things like smart doorbells, license plate readers, security and surveillance cameras, and drones among others aren’t new. However, now all that data is being aggregated and collated and turned into intelligence. The topic was the focus of an article in Wired magazine titled, “There Are Spying Eyes Everywhere- and Now They Share a Brain”.
A security company for the Internet of Things (IoT) has identified 33 vulnerabilities in open source code among various devices. This is just a snapshot of what experts think is a growing problem with few government regulations in place.
Many users will have the same question – how is Fitbit data going to be used by Google?

“Fitbit users will be asking themselves whether they want sensitive data like this being used and monetised by Google,” Ed Johnson-Williams, a policy officer at Open Rights Group, told Wired in 2019. “Google says they won’t use the data for targeting ads. Google must tell Fitbit users and competition authorities what other purposes they will use it for.”
You won’t believe how your smart TV is not just gobbling up your viewing data. In some cases, it’s also gathering information about your home.
Strapped for cash and facing a sharp rise in homicides, city leaders here are expanding police surveillance powers to allow residents and business owners to send live feeds from many types of security cameras — including popular doorbell cameras — directly to the city’s real-time command center.
Last week, after realizing that I had no idea what my partner had filled my house with — and how our security and privacy might be compromised — I took a deep dive into the Internet of Things (IoT) devices in my home. I found eight different smart devices that were spying on me to various degrees, from “actually not spying” to “now China knows everything about me.”

Those devices were:

  • Vizio Smart TV
  • Sonos One
  • Nest Thermostat
  • Google Nest Hub
  • iRobot Braava Jet m6
  • Roborock S6 Vacuum
  • Google Chromecast
  • Eufy Smart Scale
TCL smart TVs running Android seem to have huge security holes and could even be designed to spy on users around the world, two security researchers say
Robots can make daily chores much simpler than cleaning the house by hand. Unfortunately, a new study reveals they can also make things much simpler for hackers to steal personal information as well. An international team finds robot vacuum cleaners can actually be remotely reprogrammed to record sound waves, even though they don’t have a microphone inside them.
...Data that seems harmless at first, like records from keyless entry or even smart AC systems like Nest, could be used to establish patterns of movement. That could demonstrate that an apartment isn’t a tenant’s primary residence, which could put their stabilized rent in jeopardy.
Smart TVs are computers just like your phone and laptop, and they’re vulnerable to the same kind of threats. If security holes exist in a smart TV model, it’s only a matter of time before hackers find a way to break in and control it.

Last year, the FBI warned that hackers could use unsecured smart TVs as a backdoor into your network.

In 2020, the risks are even more obvious. One of the most popular smart TV brands has a critical flaw in its operating system that gives a hacker full access to the system’s back end. All they need to know is the TV’s IP address.

Sixty-nine percent of survey respondents say they are very concerned about protecting their data privacy when using these smart devices. And if recent information on data security shows anything, it’s that American consumers are right to worry.
It can be unsettling when you consider what makes a smart TV in your home “smart.” Because a smart TV connects to the internet, collecting data about you and your viewing habits is possible.

Add apps into the picture and the data tracking accelerates.

What are TV manufacturers getting? Your viewing history, the ads you watch or skip, as well as other details.
While security cameras play a vital role in remotely monitoring children, the elderly, and pets, etc., they are also a lucrative target for cybercriminals especially when a huge number of these devices are known to be vulnerable and exposed to public access.

Keeping that in mind, it has been reported that cybercriminals were able to hack thousands of home Internet Protocol (IP) cameras, record live footage, and upload them on explicit and x-rated websites.

3TB of clips from hacked home security cameras posted online

According to authorities, these clips featured victims in compromising positions, such as some undressing, using toilets, couples, mothers breastfeeding, and even children.
From the moment you wake up and first check your phone, to the marketers that infer your mood from your music choices, to the smart speaker that shares your private conversations, or the television that listens in on them (from the terms and conditions of a Samsung smart TV: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured”), there is nowhere to hide – or even just be – in this hyper-connected hellscape. Corporations can track you both by your face and your digital footprint, your medical records may be handed over to Big Tech, and advertisers may learn of your break-up before you do.
At dinner, I mentioned that I would like to go hiking in Patagonia. I never searched for these trips or anything like it. Yet, an hour later, I started getting ads on my phone about hiking adventures in Patagonia.

While there’s been no concrete evidence that your device’s microphone is always listening, many Americans believe apps and sites routinely collect their voice data and use it for marketing purposes. Your smart speaker with its virtual assistant is always listening.
Streaming services collect user data the same way social media companies do. But unlike social media companies, streaming services have in-depth knowledge about your tastes and viewing habits...

Every streaming service collects data on you in one form or another — but you don’t have to keep it that way. If you want a more private and personal streaming experience, keep reading for the settings you need to change.
The Centre for Data Ethics and Innovation published a paper last year suggesting that the practice could change the relationship vulnerable people, particularly children, have with technology, adding that “the risk is that such relationships could be exploited resulting in people passively accepting the responses and instructions they receive without considering their own safety and security.”
The days of complete privacy or offline days were a luxury that was last experienced by the generation born in the 80s. A time when a secret whispered into your best friend’s ear often went to the grave with them. The time before the personal computer was personal time. Personal, private spaces existed before the computer invaded our homes and mobiles became ubiquitous. A sealed letter did not need encryption; it would be read by the sender and the receiver and, if you were a minor, probably your parents.
Voice recognition is undeniable proof that we live in the future, and it makes daily life more convenient. But what’s the downside for always-on devices that constantly listen for commands?

It’s just that: They’re always listening. Nearly all voice-activated technology uses microphones that listen for “wake words” or other vocal cues. It also means companies like Apple, Facebook and Google hear all your commands and can potentially pick up conversations if your device thinks it hears the wake word. And these devices are accidentally activated far more often than you might think.
Security Cameras, Smart Speakers, Connected Light Bulbs

Well, now we know some examples of privacy faux pas, since they’ve been documented. Within the last week, we saw Xiaomi home security cameras “accidentally” sending video feeds to strangers’ Nest Hubs. They called it a “bug” — oopsies! Perhaps Vizio and Samsung smart TVs listening to your conversations were not an oopsies; it was a feature! Further, we’ve seen repeated, documented examples of Ring camera hacks, where hackers gained access to video feeds inside and outside the home and, in one case, the hacker told an 8-year-old girl he was Santa Claus. Smart lightbulbs have been shown to leak Wi-Fi passwords and smart plugs have been documented being used as a jumping off point for hackers to get into your home or office networks. These security issues are not new at all. Everyone has heard of the examples of hacking home networks via connected printers, which have been around a lot longer than IoT devices.
Attention! If you use Amazon's voice assistant Alexa in your smart speakers, just opening an innocent-looking web-link could let attackers install hacking skills on it and spy on your activities remotely.

Check Point cybersecurity researchers—Dikla Barda, Roman Zaikin and Yaara Shriki—today disclosed severe security vulnerabilities in Amazon's Alexa virtual assistant that could render it vulnerable to a number of malicious attacks.
Avoid IoT-based network solutions like Amazon Alexa Echo

There is no doubt that a connected home, courtesy of the latest Internet of Things (IoT) technologies, is convenient. And while it might be front and center of your decision to install IoT-linked devices, the flipside is that the brands that manufacture the interconnected devices often have agreements with US state and federal governments to hand over your data.
The ongoing joke around smart home devices is that they are spying devices that people opt to put in their homes and offices. Various companies have always denied this, saying that the devices are only triggered using “wake words.”

As it turns out, that’s not always true.
Either we've become so complacent with the presence of our smart home devices like Google Home or Amazon Alexa, or we've decided that being able to turn on our smart lights by shouting at a device is worth the price of our privacy. From purported eavesdropping to using collected data to sell you things, the bottom line is that they are listening.
Is the Vacuum Spying on You?

Here’s how it could work in theory (or reality, really). Hackers could use your vacuum for home recon, eavesdropping, video surveillance, and potentially even to crack into your IP address and gain your home’s location.
Google has promised changes to its advertising practices after the company was found to be promoting the use of so-called "stalkerware".

From August 11, Google says it will update its Google Ads Enabling Dishonest Behavior policy to enforce a global ban on advertising for spyware and surveillance technology.

Stalkerware is an umbrella term given to software or apps that allow a victim's devices to be monitored by a third-party, including their location and what information they access online.
You probably don't have a lavish getaway planned any time soon—for obvious reasons—but whenever you do travel again, you might have one more threat to worry about: vacation spies.

A 2019 study by financial services firm IPX1031 revealed that in a survey of 2,000 American travelers, 58 percent were worried that their rental host had hidden surveillance equipment installed, and it turned out 11 percent of respondents said they actually have found a hidden camera in one of their rentals in the past. In some cases, travelers even found cameras pointed at bathrooms, where people commonly undress.
Here’s a look at five gadgets found in most homes today that are probably listening in to your conversations.
While it may seem a foregone conclusion that inviting Alexa into your home is inviting an invasion of privacy, there are several settings you can adjust on your favorite Echo speaker to lower the risk.
You are being stalked everywhere you go. In your car. On your morning walk. Even in your own home—by your own TV.

The problem is that while corporations and data brokers are hoovering up all the information they can get their sticky mitts on, there are no laws governing what they can do with that information—or whom they can sell it to. That includes things you thought were private, such as health and financial data, as well as your beliefs and daily habits.

Yet we do little to block the spies. We click “I Agree” without reading the user agreements. We say we’ll do one of those privacy checkups one day, but we never quite get around to it.

Alexa is always eavesdropping. (So are Siri, Google Assistant, and any other virtual assistant you invite into your home.)
You’re being observed 24/7

Smart devices collect a lot of data, including audio, images, video, medical information, and personally identifiable information.

Often, data is collected 24/7. If that's not enough — once your data is collected, it doesn’t always remain within the company that has collected it. In certain (not-so-rare) cases, it ends up with various third-parties who may or may not treat your information responsibly.
"From a privacy standpoint," Santanen says, "it's hard to distinguish between a phone and an ankle monitor."

"It's easy to create an electronic blueprint of emotional cues to 'push people’s buttons,'" Santanen said.

For true privacy, there's no alternative to staying off social media, Santanen said.

Santanen suggests that people avoid those personality quizzes on social media and never save a password. Use one browser to log into services like Google, and another one for everything else.

"Any feature that provides to you convenience is going to rat you out for your privacy," Santanen said.
Lawyers working outside the purview of their firm's IT department worry they may expose clients' sensitive information when phone calls are made around internet-connected appliances.

"Unplugging IoT devices when making client calls isn’t irrational, but practical for mitigating risk..."
At a time when many Americans believe their personal information is less secure and are concerned with how companies and the government use their personal data, a substantial share of the public has opted out of using a product or service because of privacy concerns, according to a Pew Research Center survey conducted June 3-17, 2019.
One of the byproducts of doing all your work from home is that you might be discussing confidential matters. And who might overhear them? Well, there's your smart speakers.....
Internet-connected thermostats, locks, and other devices are popular, but also raise concerns about data security.

When Jeffrey Kaye noticed the box full of electronics bolted to the wall of his Woburn apartment, he wasn’t pleased. When he found out what the box was for, Kaye was furious.
During an interview with the BBC last year, Google’s senior vice-president for devices and services, Rick Osterloh, pondered whether a homeowner should disclose the presence of smart home devices to guests. “I would, and do, when someone enters into my home,” he said.
After owners of baby monitors were hacked by cybercriminals, there are fears the high-tech devices we rely on so much can actually be used to spy on us:
  • Smart speakers
  • Baby monitors
  • Laptops
  • Smartphones
  • Smart home apps
  • Social media
A Queens lawmaker is introducing a bill to protect domestic violence victims from abusers who harass and stalk them “Big Brother” style.
Hey, Google! Alexa! Are you recording my private conversations? If you ask your smart speaker that question, the voice-enabled assistants will deny invading your privacy. But researchers now have a scientifically proven answer: Yes they are.
Biggest IoT study ever finds “smart” devices hoover up a universe of user behavior data and share it with a laundry list of global third parties, frequently with little transparency to the end user.
Amazon's Ring for Android app is loaded with third-party trackers harvesting a "plethora" of customer data, a new investigation claims —and an Amazon engineer for the product wants it completely shut down.

The Electronic Frontier Foundation has discovered that third-party tracking software within the Ring doorbell app is sending customer data to four analytics and marketing companies, including Facebook, Google, MixPanel and AppsFlyer.
This year, more than 20 billion connected devices will be installed worldwide, including sexual technology products with applications that monitor orgasms, save vibration patterns or allow you to connect with your long-distance partner's pleasure device. Since most operate through a Bluetooth connection and with an application, violations are possible and even probable.
To find out how consumers address cybersecurity and privacy risks of connected devices in their homes, ESET, in September 2019, surveyed 4,000 people – 2,000 in the United States, 2,000 in Canada.

Overall, the results show a large disconnect between what people say they do to protect themselves and what they are actually doing in practice.
NEW YORK (AP) — Did someone invite a spy into your home over the holidays? Maybe so, if a friend or family member gave you a voice-controlled speaker or some other smart device.

It’s easy to forget, but everything from internet-connected speakers with voice assistants such as Amazon’s Alexa to television sets with built-in Netflix can be always listening — and sometimes watching, too. As with almost all new technology, installing such devices means balancing privacy risks with the conveniences they offer.
America’s increasingly connected homes will soon be even more plugged in as electronic holiday gifts — smart speakers, TVs, thermostats, video doorbells, even smart pet feeders and litter boxes — are installed.

Because many of these Internet of Things (IOT) devices have microphones and cameras that are always online, they’re an inviting target for hackers who can use them to spy on us.
How to make money selling TVs — resell our data
That's the good news. The bad: to turn a profit, manufacturers now make up the difference by selling your viewing habits to data brokers, letting them know what shows and networks you watch, your demographic and real estate locations and more.
KEY POINTS
  • The last 10 years have seen the launch of internet-connected devices by Amazon, Google, Apple and others that can monitor, record and listen to our daily activity.
  • These devices pledge to simplify our lives and entertain us. But in the background, they amass all kinds of data, which advocates worry could threaten users’ privacy and security.
  • Consumers are increasingly waking up to these risks and are starting to demand more control over how their data is used, while regulators are racing to enact federal privacy laws to limit data collection.
In a 700-page book, the Harvard scholar skewered tech giants like Facebook and Google with a damning phrase: "surveillance capitalism." The unflattering term evokes how these companies vacuum up the details of our lives, make billions from that data and use what they've learned to glue our attention more firmly to their platforms.
How the world’s biggest companies got millions of people to let temps analyze some very sensitive recordings
This weekend, many folks will be poring over retail circulars, online ads and promotions, doing their research to get ahead on the best deals for Black Friday gifts. But before you brave the Thursday/Friday lines and/or click the buy button on a great deal, we ask you to take a minute and consider the downside of the digital age — your privacy.
“It’s scary that they’re listening to you, and you don’t know when,” said Dena Rakarich of Monaca. She was brave enough to allow us to listen as she discovered for the first time what her Amazon Alexa device has been recording in her home. “God, it records everything!” said Rakarich.
A lot of this advice goes beyond the Echo/Google concern and into the use of connected devices more broadly. But broadly understanding what any device they bring into their house can do, who has access to it, what they can do with it, and whether or not that device is worth the potential risk, is something kids (and adults!) should be able to do.
Protecting our privacy and security in this day and age entails addressing not just the physical world but also the digital one. In this world, “no trespassing” takes on a whole new meaning.
Any device that's connected to the internet can be exploited in some way, says Amie Stepanovich, IoT security expert and executive director of the Silicon Flatirons Center at the University of Colorado. Part of the risk in smart sex toys and other IoT products, she says, is that the internet is integrated into industries that don’t have much expertise in cybersecurity.
In recent years, consumers have expressed fears that their smartphones could be listening to them. According to a new report published in Journal of Cyber Policy, such fears are justified.

But it goes much further than that.
For smart home devices to respond to queries and be as useful as possible, they need to be listening and tracking information about you and your regular habits. When you added the Echo to your room as a radio and alarm clock (or any other smart device connected to the Internet), you also allowed a spy to enter your home.
A new study has once again found that most “internet of things” (IOT) devices routinely deliver an ocean of sensitive data to partners around the world, frequently without making these data transfers secure or transparent to the end user.
This article looks at nine threats to privacy that have recently emerged and explores what hope there is, if any, for personal privacy in the future.
What the researchers found was astounding – 72 of the 81 IoT devices shared data with third parties completely unrelated to the original manufacturer.
Google and Facebook are easy scapegoats, but companies have been collecting, selling, and reusing your personal data for decades, and now that the public has finally noticed, it’s too late. The personal-data privacy war is long over, and you lost.
As families around the world excitedly gobble up devices that connect to the Internet of Things (IoT), home life is starting to look more and more like an episode of The Jetsons.
...Because Alexa and Google Home and every other gewgaw that has the word “smart” in front of it, every service that has “personalized” in front of it is nothing but supply chain interfaces for the flow of raw material to be translated into data, to be fashioned into prediction products, to be sold in behavioral futures markets so that we end up funding our own domination...
Multiple contractors working for Microsoft explain how they listened to audio captured by Xbox consoles.

The former contractor said most of the voices they heard were of children.
Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating legislation enforcing security measures?
We’ve gotten used to trading personal information for tailored ads and letting devices into every part of our lives for convenience. But, as we develop these habits and make these trade-offs, what does it mean for our kids?
...Amazon wants to know every time the light is turned on or off, regardless of whether you asked Alexa to toggle the switch. Televisions must report the channel they’re set to. Smart locks must keep the company apprised whether or not the front door bolt is engaged.
But life inside the home, too, is increasingly transparent to watchful outsiders, the result of mushrooming internet-connected devices that consumers are setting up in their dens and bedrooms.
These days we are more connected than ever. Smartphones, smart watches, even smart light switches. But how safe are these devices when it comes to your personal privacy?
When you think of your home environment, do you view it as your sanctuary — the place where you feel the most secure and private?
If you thought stepping on a Lego was bad, consider the new ways in which toys can hurt and harm families.