Are you being watched? How smart gadgets can ‘spy’ on us
How often are you home alone? If you own a smart gadget — be it a TV, a smart speaker or a mobile phone — then let me answer that for you: never, writes Nigel Carson.
Clap your hands and the lights come on, ask Siri for some music and music is delivered.
There is no doubt about it: smart home gadgets and devices have revolutionised the way we live, with common appliances and entertainment devices now fitted with technology to see, hear and speak to us.
Late last year, The Washington Post reported the frightening hacking of a baby monitor in a home in Texas. The parents woke to strange sounds from the baby’s room and found, much to their horror, a voice from the camera swearing abuse at the parents, and claiming to be a person in the baby’s room and threatening to kidnap the baby. The baby monitor was a form of Wi-Fi camera that, without proper configuration, could be located and hacked through the internet.
In 2017, the national German regulator labelled the readily available and popular “My Friend Cayla” children’s doll as “an illegal espionage apparatus” and recommended that parents destroy it. Hackers had allegedly been able to access an unsecured Bluetooth device embedded inside the doll, enabling them to listen to and talk to a child playing with it.
Millions of smart TVs in family living rooms and bedrooms have microphones and cameras that can spy on you. In 2013, hackers at a black hat conference demonstrated they could remotely take control of a smart TV to use the front-facing video and built-in microphone. WikiLeaks also exposed the CIA for using a tool called “Weeping Angel” to infect smart TVs, turning them into covert surveillance devices.
Any device that connects to the internet that can listen or see is a potential spying device, allowing complete strangers, often in distant countries, to invade your home.
Even if a device has no microphone or video camera, what else might hackers be able to do?
In July 2017, a casino fish tank with internet-accessible sensors to control the temperature, cleanliness and food distribution was hacked via a vulnerability in the thermometer.
Hackers then used the fish tank as a launch pad for further attacks, gaining a foothold on other computers in the wider casino Wi-Fi network, enabling the exfiltration of huge amounts of data (including high-roller profiles) to a device in Finland.
The upshot is: Be careful what you bring inside your home.
Here are some tips to help you stay safe and reduce the risk of privacy breaches in your home:
- Research the devices and any known security risks.
- If devices connect to Wi-Fi or internet, identify what data may be sent and any privacy waivers you passively agree to by using the device.
- Configure any devices with robust passwords, disable any connectivity you don’t use or need, and turn them off at the plug when not in use — this also saves electricity!
- Use a home router that shows how much data each of your devices is sending and receiving to identify rogue activity.
Nigel Carson is a partner at KordaMentha Forensic.