At this point, it’s obvious that our smartphones and computers are data-leakers. Plenty of us now cover our laptops’ webcams (although we always forget about the mics), while our smartphones track our locations with us wherever we go. Unfortunately, these tools are so indispensable in modern life, we accept the privacy hit in order to function with the rest of society, and do what we can to keep our data secure.
However, it isn’t solely these infamous devices that intrude on our lives. Just about any device that connects to the internet poses some privacy and security risk to your life. Smart TVs, lights, refrigerators, vacuums, locks, thermostats, maps services, air conditioners, switches, even faucets: If it has “smart” in the title, it likely has a spying problem.
Not all risks are created equal, mind you, but it’s impossible to use a device designed by a third-party to reach out to another network without exposing yourself to some degree. What determines the degree, however, is both the intent of the maker of the smart device, as well as the unintended consequences of their work. I’ll explain.
Let’s start with the former: Any company that makes a device that connects to the internet, or that connects to a second internet-ready device, makes a decision on how to respect your privacy. Usually, the respect is minimal to none: It’s not surprising to discover that a smart device by default is tracking at least some data and sending it back to the developer, or sharing with third-parties for ad purposes.
Sometimes, we don’t know about these data leaks until they’re reported by whistleblowers, such as when we learned Apple contractors were listening in on people’s lives through snippets of Siri recordings. However, you can take a peek into at least some of the data devices and companies are stealing from you through the device’s settings.
Dive into the smart device’s settings
Most smart devices work by connecting to your smartphone, or more specifically, an app on your smartphone. That might be your smartphone’s built-in home app, like the Home app on iPhone or Google Home on Android, or a third-party app, such as Smart Life. Not only do these apps allow you to customize and control the many smart devices powering your smart home, they also contain the privacy and security settings your smart device’s developer shipped it with. And, boy, can these settings be telling.
I’ll offer myself up as an example for this piece. I don’t have too many smart devices in my home, but I do enjoy a series of smart lights. While I’ve had these lights and their connected third-party app for years now, I somehow never dove into the privacy settings to see what options I could adjust. The first option? “Data Analysis: Allow us to collect data related to product usage.”
Oh, sure. Fine. “Data.” Whatever that means.
When the description is as vague as this statement, my lights could really be handing over anything: The developer could simply be tracking when the lights turn off and on, or they could be recording anytime my phone connects to their network, letting them know when I enter my home and when I leave. Really, the scope is endless, and I don’t like it. It goes without saying, but this setting is now disabled.
Another setting I now make sure is turned off is, “Personalization: Allow us to recommend content to you through ads and notifications.” I have absolutely no need for this smart home app to take in my data and attempt to sell me ads based on my light usage. Bye.
From a privacy perspective, these settings pages are essential to comb through if you want to limit the amount of data you’re feeding your smart home. Don’t forget to check the systems setting for the app as well: On iPhone, for example, you need to go to the app’s name in Settings to find additional privacy settings, including network connections like Bluetooth, Local Network, and Cellular Data. If I could, I would disable all these connections for my smart lights, but then, unfortunately, I wouldn’t be able to adjust my lights from my phone, defeating the purpose. (Although I don’t give them my location, so that’s something, right?)
That brings up an important point, though: In order for many of these devices to work properly, you have to give up some privacy. It’s a feature, not a bug: Your smart thermostat, for example, won’t let you adjust the temperature on your way home from work if you can’t communicate with it from your phone. The same principle applies to any IoT device that needs a connection to another device to function.
If you don’t want to sacrifice that privacy, that’s totally valid, but a smart home likely isn’t the way to go for you.
Smart TVs are an exception, here, of course: They are the device, and don’t rely on a smartphone or an app to function. In that case, you’ll scroll through the settings on the TV itself to make sure your security it as tight-knit as possible. Pay close attention to settings that track everything you watch, known generally as ACR.
Of course, these settings pages aren’t tell-alls: Many devices likely leak data we don’t know about, and companies are more than happy to offer us no way to control it. However, if we’re going to commit to a smart home, the less data we hand over, the better.
Smart devices are targets for hacking
It’s not just privacy that’s a concern here, though: Smart devices also pose a risk to your security. Any device connected to the internet offers a gateway to hackers into your life. Consider how hackers were able to break into Target’s systems using the company’s smart thermostats as an entry point. Now think about the smart thermostat sitting in your living room: Even if the developer doesn’t mean to create a device that’s easily hackable, unpatched vulnerabilities in their code make it a possibility.
Even worse, consider the data hackers could snag depending on the device. Hacking your smart lights is one thing, but breaking into a smart speaker to listen in on all your conversations, or a smart camera to watch all your conversations is another matter entirely. Even something as innocuous as a smart light shouldn’t be ignored, since sophisticated attacks can use the smart light’s connections to break into your network as a whole.
If possible, keep your devices disconnected from your main network. If you can keep them only communicating with your phone, rather than the general wifi, that can help prevent these attacks (on an iPhone, that means keeping Bluetooth and Local Networks enabled and disabling wifi). However, since many of these devices require an internet connection to function, the best thing to do is go for reputable brands with a history of good security. That said, consumers aren’t often the targets of such hacks, but since it’s at least possible, it’s something to consider.
Original article here