Fraud Alert: Beware of Privacy Breach, Security Risks of 'Smart' Gadgets
Yogesh Sapkale | 06 January 2023
Security experts have regularly warned that great convenience or ease of use usually comes with serious negative implications for your privacy and security risks. The newest and hottest electronics or internet of things (IoT) gadgets, such as smart speakers, video doorbells and fitness trackers, are no exception. They have been found to be 'listening' to your conversations or 'recording' your moves without your knowledge or permission. I am not even talking about hacking or exploitation of gadgets by cybercriminals for collecting information, but an invasion of privacy and data collection that is happening most routinely in order to sell information to advertisers who will then pitch products and services to you. 
IoT gadgets such as Amazon Echo, Alexa smart home or Google Nest are a great convenience for most people. For those who sell you these devices, it is an opportunity to track your every activity and to measure, collect and analyse what you do to generate a comprehensive and ever-increasing variety of behavioural statistics. This data could then be sold and also be used by their own group entities for targeted marketing of products and services. 
For example, one evening, Calder B Price, a writer, discussed French callipers, and suddenly she was bombarded with advertisements of it across all websites. 
She is not alone, though. There are many users of these 'smart devices', who found similar bombardment for products or services that they discussed, which probably was ‘heard’ by the smart devices in their homes. 
IoT is the inter-networking of physical (smart) devices, vehicles, buildings and other items embedded with electronics, software, sensors, actuators and network connectivity that enables these objects to collect and exchange data. The 'things', in the IoT sense, refer to a wide variety of devices, such as heart-monitoring implants, bio-chip transponders, electric clams, automobiles with built-in sensors, DNA analysis devices and field operation devices that assist fire-fighters in search and rescue operations, to name a few.

There are three interconnected aspects that define IoT: sensors, processors to analyse and actuators. In other words, sensors are the eyes and ears, smart processors are the brain, and actuators are the hands and feet of the IoT. This is the classic definition of a robot.

The IoT gadget market, which was flooded with 'mass produced' (read Chinese) devices, now has some well-established players like Amazon and Google. Unfortunately, both of them are at the forefront when it comes to collecting data from users.

In a blog post, Emma McGowan from Avast says, "Amazon is perhaps the most famous data-driven, data-consuming, data-tracking company out there. Google is also a little tricky in how they use the information gathered. As Mozilla's excellent Privacy Not Included guide points out, Google promises not to use your actual voice recordings to gather info to sell you ads. However, they will use transcripts of those voice recordings, which seems like a semantic difference rather than a real one to us."

Amazon, however, claims that its smart devices have built-in privacy protection. "Alexa and Echo devices are built with multiple layers of privacy protection. For example, Echo Dot has a microphone off button that electronically disconnects the microphones. You also have control over your voice recordings," it says on its product description page.

Amazon Echo, Alexa smart homes, or Google Nest need to be woken up using a 'wake word'. For example, Amazon uses 'Alexa', while on Google devices, it is 'Ok Google'. Once these devices are made active using the wake word, they start recording and providing feedback.

However, there have been concerns about these devices mistaking other words as the wake word and recording when people do not want them to. For example, instead of 'Ok Google', the device could be woken up by 'Cocaine Noodle' as well. And I am not even talking about voice modulation here.  

When asked about security vulnerabilities, Amazon and Google keep saying that their voice assistant systems are secure. Maybe. But, as we know, modulating voice or fooling someone with another person's voice has been the favourite game we have been playing since our childhood days. Add to this, voice recognition systems used for voice assistants and you will understand how easy it is to fool them too (Read: Fooling' Smart' Voice Assistants).

Ms McGowan from Avast took a close look at the Ring video doorbell from Amazon. "Ring is, first and foremost, a surveillance tool. It's marketed as helping you surveil your surroundings, but don't forget that it's keeping track of you and your family as well. Ring - and Amazon, its parent company - knows your name, email, postal address, and phone number. It also knows the geolocation of your phone, information about your Wi-Fi network and signal strength, and your product's model, serial number, and software version. If you use Facebook or another third-party login, it also can "obtain information" from that third party."

"And then there is the issue of security. While Amazon is pretty good on that front, users generally are not. Anything from an unsecured network to a weak or stolen Wi-Fi password could let malicious actors gain access to the very sensitive information on your Ring. So if you do choose to get one this holiday season, make sure it is protected and updated regularly," she advises.

This brings us to the main question, whether one should buy and use these smart or IoT gadgets. These smart devices undoubtedly offer a wide range of benefits and are sometimes helpful. The other day, I heard my friend's granddaughter ordering Alexa to play her favourite song... repeatedly (I doubt if the grandpa or grandma would sing the same song repeatedly as per the command of the toddler!).

A straightforward solution could be to switch on the smart devices only when needed. However, when it comes to switching off devices, many of us behave like lazy people (do you remember how many times you have switched off the TV using the remote and not through the power button on the switchboard?).

At the same time, we should not overlook the privacy and security risks, which are as real as gadgets. It means we cannot afford to ignore the risks associated with such devices. Since most of these gadgets would be used in homes, every member must be made aware of the potential dangers of these devices, including tracking, data collection, hacking and surveillance.   

"It is up to each individual to decide what they are willing to trade for any and all devices they are connecting with their home network. All I ask is that you stay aware, stay informed, and make those choices in an educated way," Ms McGowan sums it up.