How your smart home is vulnerable to hackers, and what you can do to protect yourself
Voice-activated devices, children’s toys, laptops and their cameras, and even TVs can be externally controlled by hackers, allowing them to listen in to your private conversations or bypass your home security
More people are getting voice-activated speakers and other smart devices for their homes. But doing so could also be giving hackers a way in.
Many devices from reputable manufacturers have safeguards built in, but those can’t guarantee against hacks. Gadgets from start-ups and no-name brands may offer little or no protection.
Before buying one, here are some risks to assess.
Speakers with built-in microphones are increasingly popular. Devices such as Amazon’s Echo and Google Home let people check the weather or their personal calendar with simple voice commands. Beyond that, many smart TVs and TV streaming devices now have voice-activated functions, often for playback controls and video search. Many newer toys also come with microphones so kids can talk to them and get canned responses.
Many of these devices are constantly listening for your commands; when they receive them, they connect to corporate servers to carry them out. What if you’re having private conversations at home? Are they getting sent over the internet, too?
In some cases, sound recordings will only leave home when you trigger the device. You might have to speak a command phrase like “OK Google” or press a button to get the device’s attention. Check before buying to make sure a product includes such safeguards.
Some gadgets go further. Smart speakers, for instance, typically have a mute button to disable the microphone completely. Amazon says its mute function involves disconnecting the circuit, so hackers cannot override the intent.
But there’s no easy way for consumers to verify manufacturer’s promises, such as Amazon’s assertion that the Echo never transmits recordings to the cloud unless it’s been activated. That is where it helps to stick with reputable brands, as their reputations are at stake if they’re caught in a lie. Bigger companies can also quickly fix security holes that crop up.
Romanian hackers took over Washington’s surveillance system before Trump’s inauguration, prosecutors say
Missteps are still possible, even with reputable brands. One of the WikiLeaks disclosures alleged that the CIA commandeered some Samsung smart TVs as listening devices even when the TV appeared to be off. And beware of internet-connected toys, as manufacturers frequently rush their products to market, sometimes skimping on privacy features in the process. (You can check online to see if other parents or consumer groups have identified problems.)
Voice commands sent over the internet are typically stored indefinitely to help manufacturers personalise their services (and, potentially, advertisements). These voice snippets may include music or conversations in the background. They can be sought in lawsuits and investigations. Reputable brands let you review and delete your voice history; be sure to do so regularly.
Online security cameras such as the Cam IQ, from Google sibling company Nest, let you check in on your pets or kids when you’re not home. They also typically store video online, so you can see whether your housekeeper actually cleaned the kitchen last week. Some services routinely send video to online storage; others do so only when triggered by a sound or motion.
Again, reputable brands are likely to take security seriously, but no system is perfect.
If you want to be very careful, you might want to turn the camera to face the wall when you’re home. You might also want to turn off the microphone, since it could capture background conversations. Or just unplug the camera altogether … though you’ll also have to remember to reconnect it when you leave.
Along similar lines, consider covering up the front-facing camera on your laptop with opaque tape unless you need it regularly for video chats. Laptops aren’t supposed to send video unless you activate an app that needs it, but malware has been known to activate the camera remotely.
Smart locks allow you to unlock doors with an app, so you can let in guests even when you’re not home. Burglars might try to hack the system, though it’s often easier for them to just break a window.
Five easy-to-use gadgets to create your dream smart home – from an intelligent front door to light with a choice of 16 million colours
Some rental properties are also turning to smart locks to control access. When you move out, the landlord can automatically disable your digital key. But these systems also let landlords track your whereabouts and those of your guests. If you create a guest key that’s used daily, for instance, the landlord might suspect you have an unauthorised occupant.
Even if you own the home, these keys can leave a digital trail. In a child-custody dispute, for instance, your ex might subpoena the records to learn that you’ve been staying out late on school nights.