Back To The Blog

Taking a look at Smart Devices: Proceed with Caution

Privacy / August 16 , 2021

At the height of the first wave of the pandemic and touchless technology, voice-activated search hit its stride in 2020, and devices like smart speakers are now more popular than ever. But as with every modern advance, hands-free convenience brings tradeoffs, and in this case, that tradeoff may be our personal privacy.

By design, voice-activated technology relies on biometric data, processing it through machine learning and AI to deliver fast results for the user. It’s long been noted that smart speakers and digital assistants are doing as much “listening” aka recording as speaking, although newer models are designed with better privacy protections. And users can and should adjust their settings accordingly.

The problem lies not so much with one standalone device as in the rush toward Smart Everything in an increasingly interconnected world. We take it for granted now that our devices will come with connectivity but with every new development comes new attendant risks, some of which will have real-life impact.

Recently, it was revealed that the Amazon Echo smart speaker’s default Sidewalk function allows neighbors to share bandwidth across devices. This immediately piqued the concern of security and privacy experts, as wi-fi networks are notoriously insecure to begin with. While there is a way to opt out of the shared setting it takes effort on the part of the user to log on to their Amazon account and change it. The very fact that this product has been brought to market with the default questionable setting speaks to the brazen approach companies can now take and usually get away with.

Another disturbing example is this summer’s story about the Texas Energy Commission, which runs an energy conservation program called the EnergyHub which sold IoT home security systems to customers. During a heat wave, some people woke up to find that the program had remotely adjusted their thermostats to 80 degrees. They had, in fact, given EnergyHub permission to do so in exchange for entry into a sweepstakes. To some this may seem like a low-impact consequence of owning an IoT device, but to many of us such an event would seem quite invasive.

These days, it’s difficult to even find a television that is not internet connected. But when shopping for other appliances it’s worth weighing whether IoT connectivity or added functions like voice-activated search and the like are truly necessary for your usage. In some cases, these risks may seem altogether unnecessary, outweighing the usefulness of the device itself.

For example, I purchased a Samsung Galaxy watch for the sole purpose of tracking my exercise and connecting the data to an app on my phone. At some point I was notified about a new user agreement that required me to connect all of the contacts on my phone before logging in. To my mind, there was no good reason why my watch should need access to these contacts, other than the fact that the company wanted access to the data. While I was grateful to get the heads up and opt out it was only ten days in advance of the service change, so many people probably missed the notice altogether.

We may embrace technology or we may fear it, but it’s not going away. And whether we make use of IoT features, they pose a privacy risk to us nonetheless, so it’s in our best interest to learn how to manage them.


Related Blog Posts

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.


© 2024 NetDiligence All Rights Reserved.