Smart Appliances & CyberSecurity

Smart Devices

And so, the season starts.  Which one is it that we’re referring to?  Cyber Monday, Black Friday, Prime Day…all of these sales tend to lean towards exceptional deals on electronics, and today that means smart appliances are being purchased and set up in our homes.

By getting the latest and greatest, are we inadvertently putting a spy in our home? Do smart appliances have the ability to hear and see what we are doing?

The answer is a little complex, but there are aspects of these devices that all consumers should be aware of.

First, these are not designed to spy on you.  But when you allow access to any program, person, or company into how you live and work, you are providing them with data.  This is not new.  Every time you check a box or fill out a form…whether it be at the doctor’s office or on your smartphone, you are providing data.  That data is used to learn habits, tendencies, behaviors, choices, and a variety of other things that are then used in marketing and consumer research.  These “smart appliances” are not doing anything new.

What they are doing is creating a portal of entry to themselves that hackers may access to manipulate you.  An extreme example of this was when Martin Hron hacked into a smart coffee maker to use the machine to demand money.  It should be noted that the company has since updated its security measures.

What About That Assistant?

Products like Amazon Alexa and Echo, Apple’s Siri, and Google Assistant use ‘wake words’ to activate and ready themselves for a reaction.  It was originally thought that ONLY after the wake word was said, your conversation was recorded, but it was discovered that they are generally listening all of the time when turned on.  Yes, you can modify your files, but the data remains somewhere and is being used by someone.

While your refrigerator may provide online access, what information is available will vary with how you use it, and what the capabilities are.  We can go down a rabbit hole of what-if scenarios with the Internet of Things (IoT), but what we should address above all, is the human factor in all of it.  When you register your device and create that online account – even if you do NOT use the Wi-Fi capabilities that come with your kitchen or smart tv devices, you are providing hackers with account credentials.

“Who is going to hack my stove account and who cares if they do? Good, I hope they cook me dinner…”

It’s not that simple.

Your simple username and password combo could be compromised, leading hackers to find out far more information than what your last meal was.  It isn’t that data that they want, it is the credit card that is stored to linked accounts, or the password that gets them into your bank that is the same as your dishwasher registration.

Collecting data is one thing that you should be aware of, but if you are worried about one platform, you should be aware of all of the platforms that provide access.  However, collecting credentials is a whole other beast that you really need to be aware of above everything else.