We have become so immune to news of data breaches and violations of privacy that barely anybody is able to keep up with the most recent scandals. And yet, we are the ones who invite this kind of trouble and bring it to our doorstep. Literally.
The last decade brought an explosion of popularity of IoT devices (Internet of Things).
IoT devices are mainly items of convenience and serve the purpose of home automation –examples are remotely operated lights, heating systems, smart media and various security systems.
And while turning your house into a digital command centre may be an appealing idea, there is one very important consideration, which is often left unanswered – with all these devices around, what happens to the privacy of our home?
Take for example the popular home CCTV systems. Most of them operate online on the 24/7 basis and can be controlled from your smartphone.
The big problem is that the majority of webcams used by these security systems have absolutely no security layer and literally sit there connected to the Internet open to the whole world.
The most popular database for such devices is Shodan, a website that indexes gadgets like webcams, wireless printers and other smart devices.
There are many ways to find open webcams on Shodan – the easiest one is searching the name of the webcam’s manufacturer or a webcam server.
You are guaranteed to find hundreds of these, spread all over the world. The next step is the attempt to gain access to such devices.
It can be done without too much effort – and people do it all the time, by resorting to such primitive methods of hacking as typing in default username and password for the security camera software. This information can be easily obtained online, with a little bit of specific search effort.
Know that any time you are watching your home through security cameras, so are other people, based anywhere around the world – Shodan is a popular website with a list of IoT devices in the millions.
SMART TV SURVEILLANCE
While security cameras normally show the exterior of the house, there is another source of privacy violation inside it – specifically in your sitting room.
Smart TVs track their users on a massive scale, which not many people realise. And the best part is that it’s all on their privacy policies, that nobody ever reads.
The scope of these privacy violations can vary depending on the TV manufacturer.
These companies have realised long ago that selling smart TV sets is only one way to make money – a more lucrative way is to gather user data, process it and sell it to TV networks and online content platforms.
Take a look at some examples:
- Samsung is not much better (www.samsung.com/uk/info/privacy-SmartTV) – starting off with the standard disclaimer that they may collect “information about content that you have watched, purchased, downloaded, or streamed through Samsung applications on your SmartTV or other devices”. The company even goes further and states that “Samsung may collect and your device may capture voice commands and associated texts”.
At this point it is not entirely clear if the Automatic Content Recognition (ACR) captures your screen not only when you watch TV or browse the web, but for instance when you cast holiday photographs or family videos from your smartphone onto the smart TV.
Additionally, every application running a streaming service like Roku, Amazon, Chromecast or Apple collects very similar types of data – from viewing habits, search history, voice searches, cookies, and so on.
Last year researchers from the Northeastern University and Imperial College London published a report which concluded that nearly all major smart TV manufacturers (as well as streaming services!) routinely send private personal information to Netflix without informing the users.
According to the paper, this happens even if no Netflix account is ever logged into on that particular smart TV…
HOW TO CONTROL YOUR PRIVACY
Before we adopt a completely paranoid approach to IoT technology we should remember that this data mining business model is not targeting a specific individual.
Data gathered by these companies is moulded into aggregated, statistical information models used for delivering personalised ads to viewers on a mass scale.
There is a way to turn off the Automatic Content Recognition, or if you are an extreme digital privacy advocate, disable internal smart TV microphones.
You can also refrain from browsing the web or searching for anything while on your smart TV – but that kind of pushes you back to the mid 2000s and your smart TV is no longer smart…
PS. I mentioned Shodan at the beginning of the article – if you want to learn more about how to effectively use it in a search for vulnerable IoT devices, then watch this space!
Something is coming, real soon!!