Connected house

Smart homes make smart spies

Picture this: It’s Saturday morning, and you’ve been waiting for this moment all week. A crush of deadlines had you working late hours every night, and it feels like you’ve barely left the office. But your projects are finished and you’re thrilled to have 48 hours of downtime in your home. 

Your house isn’t just any old house. It’s a smart home. Before you woke, smart blinds rose over your windows, letting in just the right amount of warm morning sunlight. As you step out of bed, you’re not too hot or too cold because your thermostat monitors your house to maintain an optimal temperature at all times. Stopping at the bathroom to brush your teeth, your toothbrush gathers data about how well you target those hard-to-reach molars, sending feedback through a mobile app letting you know if you’re brushing too hard or haven’t spent enough time in a particular quadrant. 

A long time coming, smart home technologies built using Internet of Things (IoT) devices and systems are already widely available, with countless new systems on the horizon. But the old saying “There’s no such thing as a free lunch” is at play here. There’s no such thing as a smart home that doesn’t come with privacy and security trade-offs. 

After all, the convenience of always-on devices is driven by always-on data collection. Each device and component in a smart home is recording data about how you live your life round-the-clock. And as we’ll discuss in this article, many smart home apps and products are alarmingly insecure. 

Confronting the risks of the Internet of Things

IoT promises that in the near future, we’ll be able to move seamlessly from the office to social events to our homes. A network of smart devices and mobile apps will track everything from our locations to our heart rates and will optimize our environments to maximize our comfort. Having a voice-activated assistant goes without saying, but then there’s the security system you can control no matter where you are, the fitness tracker that tells your thermostat what temperature to make the house when you come home from your daily run, and the refrigerator that automatically adds items to your grocery list based on its contents. 

But there are risks. IoT devices collect massive amounts of personal data. In 2016, 83% of consumers surveyed by TransUnion said they worry about identity theft and cyber threats, and the use of IoT devices exacerbates the risk of becoming a victim.  

To grasp the scope of IoT cybersecurity challenges, think for a moment about the Equifax data breach that impacted at least 145 million Americans. Credit agencies collect an incredible amount of personal financial information, so a breach of this magnitude poses grave risks for identity theft. But just imagine the types of data a network of IoT devices in your home can collect. Those apps and platforms will contain not only payment information, but they’ll record information on when you and your family are in your house, when you go to sleep at night, the types of food you keep in the house, and other very personal – and very telling – details. 

That doesn’t mean we should avoid smart home products or shy away from connective technologies. It means it’s imperative to know the risks and how to protect ourselves, especially as smart homes continue to evolve. 

The beauty of the smart home is that, as in so many other areas of our lives, artificial intelligence is taking the drudge work off our hands. It’s making life a little easier, a little healthier, a little more comfortable. And by augmenting our daily routines, it’s giving us more time to enjoy our homes and spend time with our families. After all, the time we spend cooking, locking up at night, and making grocery lists adds up. Stay-at-home mothers, for instance, spend 23 hours per week – nearly 3 full-time work days – just on housework. That doesn’t even include time spent with their children. Saving time by automating chores like laundry, doing dishes, vacuuming and window-washing with the aid of a smart home device allows them to give more time to their kids (not to mention take a few minutes for themselves). 

Although the advantages of smart homes are many, however, we should be clear on what we’re giving up in exchange for those conveniences. Setting aside security concerns, which we’ll talk about in a minute, there’s the question of privacy. The more smart devices we use, the more information about our private lives we give away. 

Take smart water meters. You probably don’t think much about the information your water meter records about your daily activities, if you give it any thought at all. But utility companies, law enforcement, and even appliance companies can gather surprisingly specific information about what you’ve been doing in the privacy of your own home just based on water meter readings. They can tell which day of the week is laundry day in your household or whether you’ve been running the dishwasher more often than usual. Police in Bentonville, Ark. even used data from a smart water meter to solve a murder case. 

Most people aren’t up to such nefarious acts, and their water usage probably doesn’t reveal many interesting insights. Nor do we want information on our daily dishwashing habits to be publicly available. 

Thinking about privacy in smart homes

As we become increasingly reliant on IoT devices and voice-activated assistants, we must consider who has access to data about our private behaviors. When you’re requesting songs, searching for products, and making appointments using these technologies, you become more aware of the digital picture you’re creating about your home life. And while prominent voice assistant platforms claim only to work when activated by a specific phrase, IoT security has proven shaky in the past, leading some experts to recommend that we err on the side of caution when around these devices. 

Consumers became more aware of the consequences of sacrificing privacy for convenience earlier this year when iRobot’s CEO suggested that the company could sell floor plans gathered by its Roomba devices to third-party buyers. Presumably, those third parties could use these maps of users’ homes in advertising and product development campaigns. Though iRobot assured consumers that it respects their privacy, the issue highlighted just how easily IoT devices can expose intimate details of our lives. 

Even highly personal products such as baby monitors pose security risks. Researchers found serious vulnerabilities in nine prominent baby monitor models, all of which could be exploited to access videos and images from within the home. Perhaps more frightening, Internet-connected children’s toys were also identified as being vulnerable to hackers. Few things are more chilling to a parent than the idea that an ill-intentioned stranger could reach their children through something as innocent as their toys.  

Internet of Things security is a real concern across many industries. In fields such as medical care, there are many challenges to data security in part because old systems simply aren’t up to modern challenges. Developers and engineers will need to build new systems to appropriately address increasingly sophisticated cyber threats. 

The fact that we know that data-gathering devices increase our security risks is actually to our advantage. The baby monitor research was predictive rather than reactive, as was the smart toy hacking tests. White hat hackers are also testing the technology used in computer-assisted vehicles to identify vulnerabilities so engineers can close those gaps before cyber attackers can exploit them. Such preventive and diagnostic measures can help mitigate existing risks, and current research will help companies design more secure products in the future. 

Embracing IoT with an ounce of caution 

Smart homes offer many exciting benefits – and with our increasing reliance on smartphones and other devices, they’re an inevitability. We know there will be growing pains as we transition to this ever-more-connected existence. But if we understand what we’re giving up in exchange for convenience and how we can protect ourselves against cyber threats, we can enjoy the growing range of IoT products with minimal headaches.