Internet of Things (IoT) technology
The Internet of Things has revolutionized many industry’s, however Cyber security is a very different challenge, one that many manufacturers have failed to address. And yes, you should be concerned about what data is being captured and where and how it is stored.
PERSONAL ASSISTANTS – Your technology is listening
With Alexa, Siri, Cortana and Google’s Home assistant in many homes these days, and knowing that some of the technology is listening and recording, who might be able to exploit that? Those who choose to use this technology can’t and shouldn’t expect 100% privacy. If not for the ability of Amazon Echo and Google Home to listen, these things would become nothing more than door-stoppers and paperweights.
The Amazon Echo answers to the name of Alexa and will play music and answer simple questions on voice command. It also records what you say and sends that recording to a server.
- Not currently using your Echo? Mute it The mute/unmute button is right on top of the device. The “always listening” microphone will shut off until you’re ready to turn it back on.
- Switch the Phrase – You can switch up the activation phrase.
- Erase old recordings If you use an Echo, then surely you have an Amazon account. If you go on Amazon’s website and look under “Manage my device” there’s a handy dashboard where you can delete individual queries or clear the entire search history.
- Set up a PIN to protect unwanted purchases ordered by your kids or anyone else who wants to try and order something from your Amazon account. Go to Voice Purchasing from the Settings menu in the Alexa app and you can set up a PIN or disable voice purchasing altogether. Any PIN you configure has to be spoken out to confirm a purchase through the Echo.
- Mute it as with the Echo, there’s a physical mute switch on the front of the device which can keep TV ads and toddlers from accidentally triggering a search.
- Disable “personal results” from inside the Google Home app: tap the Devices icon, then the menu for your Google Home, then Settings. Tap More then scroll down to find the option—once turned off, no one else can tap into your calendar, throw your photos over to a Chromecast, make payments through your Google account, and so on.
- Review Voice search history For Google Assistant, go to myactivity.google.com. That’s also where you can delete your voice requests, if you don’t want them lurking on corporate servers somewhere. Click on the three-dot line in the upper-right corner, then Delete activity by. From there, you can set a date range—today, yesterday, last 7 days, last 30 days, all time, or custom—and the service whose interactions you want to nuke. Click on All products, then Voice & Audio, then hit Delete. You’ll get a pop-up that asks if you’re absolutely positively sure you want to go through with it. Click OK, because you do. Then do the same for Assistant while you’re in there, just to be thorough. (There are 19 additional categories, ranging from Ads all the way down to YouTube, if you want to linger and take stock of just how much time you’ve spent with Google lately.)
Google Home’s new voice recognition should be enough to keep your private stuff private and protect against any unwanted accidents, and it’s likely only a matter of time before the Echo gets the feature too.
TOYS – Hackers can spy on your kids
The My Friend Cayla doll, which is manufactured by the US company Genesis Toys and distributed in Europe by the England-based Vivid Toy Group, allows children to access the internet via speech recognition software, and to control the toy via an app. Germany’s telecommunications watchdog has ordered parents to destroy or disable a “smart doll” because the toy can be used to spy on children.
The vulnerability in the CloudPets toy was exposed in February 2017 by Paul Stone, a security researcher. More than 800,000 customer records and 2 million audio recordings were left on a database that was neither password-protected nor behind a firewall, allowing malicious parties to repeatedly access the data and ransoming the company.
The Toy-Fi Teddy and CloudPets toys had the same vulnerabilities as My Friend Cayla, Able to play voice messages through the toys and listen to children’s responses. The Bluetooth connection has not been secured, meaning you don’t need a password, PIN code or any other authentication to get access. In addition, very little technical know-how was needed to gain access to the toys to start sharing messages with a child.
Another Bluetooth Protocol hack can provide custom audio selections that can be transferred into the Furby’s memory using a program, designed by Jeija, called fluffd. It enables the toy to quote from any source: Star Wars, Donald Trump, Martin Luther King Jr.—you name it, Furby Connect can say it.
OTHER IoT DEVICES
The list of IoT devices keeps growing daily and there are hundreds of different devices on the market, so do your due diligence and research your next device to make sure you have an understanding and awareness of the product to know what privacy your allowing it to have. If you’re dealing with sensitive data or you’re concerned about privacy, then make sure you have a long hard look at the IoT devices you’re considering. What security protocols do they support? How easy are they to patch? If it doesn’t need to have Internet access to function just leave it off your network.
Below is a list of some of the home automation IoT devices.
2. Amazon Echo
5. Belkin WeMo
9. Elgato Eve
16. LG SmartThinQ
18. Netatmo Welcome
21. OSRAM Lightify
22. Philips Hue
33. ATrack trackers
36. DorsaVi ViSafe
40. Meshify NOW
41. Rethink Robotics
43. Samsara Sensors
44. Tachyus Sensors
Looking to control all your devices from one app, check out some of these Apps.
3. Do by IFTTT
The Internet of things is the network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and network connectivity which enable these objects to connect and exchange data. Wikipedia