The proliferation of smart home devices, while offering convenience, significantly increases the risk of data exposure and security breaches due to inherent vulnerabilities in their connectivity and data handling practices.
There are currently nearly 19 billion
smart devices worldwide. Chances are you
probably have one in your home. From
robot vacuum cleaners to smart
refrigerators to security cameras and
baby monitors, internet connected air
fryers. Having everything in your home
connected to Wi-Fi just means there's so
much more risk of hacking and attacks
and your data essentially just being
exposed through people who want it.
Today we'll do a deep dive into the
security of smart home devices and we'll
chat with Wired senior review editor
Julian Chokkattu to discuss the pros and
cons of bringing smart devices into your
home. This is Incognito Mode. [Music]
One of the most convenient smart
devices out there is robot vacuums. What
am I kind of opening myself up to when I
put one of these devices in my house?
You know, you have this robot that's
going around your entire home and it
creates an entire map of your home. The
convenience is that you can then say,
"Hey, can you go clean the kitchen
specifically, but that is data that's
stored by the company and you would want
to check how that data is stored." A few
years ago, it was reported that images
leaked from an iRobot vacuum cleaner,
such as a woman sitting on a toilet,
were sent to a third party for labeling
and testing. But eventually, they made
their way onto Discord and even
Facebook. From that leak, we know that
iRobot was capturing images not just to
map out the house, but also to identify
everything in the house, such as a vase
or a couch. This is a prime example of
how the data that these companies
collect can be used in ways that you
might not expect. You definitely, I
think, would want to just avoid using a
camera-based system just because it does
open up the risk of it capturing the
actual mapping data of your home. Yeah,
absolutely. I mean, I can imagine how a
robot vacuum company would sell that
data to marketers for home decor or, you
know, couches and things like that.
Nowadays, some companies are using lidar
to map out your home rather than a
camera on it so that the robot vacuum
knows where to go. How's the technology
evolving? Is there anything new that
you're seeing coming out? Yeah, this
past CES actually there was a company um
that basically debuted a robot vacuum
that has a little arm that comes out.
The camera on the actual robot vacuum
can detect socks, for example, and it
has the capability to go over to them,
grab it, and put them in a specific area
so that it's not disrupting the flow of
the robot vacuum as it cleans your home.
There was also something about
potentially a little laser pointer that
could help entertain the cat so that the
cat's not disturbing it. You can then
theoretically also imagine what other
things are going to be coming to that
sort of a type of a device that roams
your house, right? Some new ones are
trying to do stair climbing capabilities
so that they can go upstairs so that you
don't have to physically move your
vacuum up and down. It has that
potential to sort of be that futuristic
AI butler that maybe we've seen in
shows in the past. That also obviously
is going to open that category up to a
little more scrutiny in terms of what
exactly it's capable of. And if it can
pick up a sock, maybe it can pick up a
knife. The dream of having a robot
butler is potentially coming true. We're
just going to have to sacrifice our uh
security and potentially our privacy to
get that future. I think that was a
given though in general from all the
I'm sorry, Dave. I'm afraid I can't do that.
Smart TVs are doing a lot more than just
playing your favorite movies and shows.
They're also collecting a massive amount
of information. Many TVs nowadays
include something called automatic
content recognition or ACR. Researchers
found that some ACR systems capture
48,000 snapshots of what you're watching
per second. Yeah, I think today it's
probably very hard to find a very
high-end TV with no smart features. By
default, most TVs today have those
streaming apps built in and some casting
capabilities as well. They're also more
comprehensive in how they're tracking
what you watch and the data that they're
collecting, taking snapshots of what
you're watching all the time. I mean, I
understand why the companies would want
to do that, but I don't understand how
that really benefits me at all. So, in
general, you know, TVs are becoming more
and more of an ad platform, even though
you might think that cutting the cable
cord was all about getting away from
advertisements. That's all sort of
coming back. Like more streaming
platforms than ever now have some type
of an ad tier that's slightly cheaper if
not free. But of course, there's like a
separate part of it whether they're
sharing that data with third parties so
that Netflix can understand and know
that like, oh, people liked this,
they're actually watching this. That's
something that companies want that data
in terms of just who is watching what
and um for how long and what you're
doing on your TV in general. ACR might
even work with dumbed down devices. So,
it's not even just connecting a
streaming stick, for example, or using
an app. It's connecting a Blu-ray player
and putting in a DVD. You might think
that might be completely fine and
offline, but apparently the company might
still know that you were watching uh
Titanic for the 15th time on DVD. What
are some ways to make sure that your
data is protected if you do have one in
your house? You might be able to, I
think, delete your advertising profile
so that they don't have like a visual
understanding of what it is, who you are
in terms of your tastes and the ads that
they want served to you. But a lot of
that is also somewhat hidden and not the
most obvious places. Always, you know,
it's something I do a lot. I hop into
the settings of almost everything I test
and just take a look at what
capabilities are there, what features
are there, but also, you know, what
permissions does this service need? I'm
a tech journalist and I still find menus
on my TV to be kind of baffling and you
might not know that's even there or
that's even an option or that this data
is being collected in the first place.
It's worth going through those settings
and definitely trying to make sure that
you're understanding at least what it is
that it's collecting about you.
So the voice assistants, they're always
listening. The mic input is on, but they
only start recording once it thinks it's
heard a wake word and then that audio is
captured. A large part of these voice
assistants on these smart speakers is
connecting to other smart home devices,
right? So, the whole purpose behind them
was um if I'm going to get smart shades
or if I'm going to get a security camera
or a smart thermostat, I can just say,
"Hey, set the thermostat to 68 or hey,
can you close the shades in the
bedroom?" But obviously, you've invited
a thing that is constantly listening.
Yeah, it's one that I really struggle
with because it is so convenient and you
know, especially if you're a person with
mobility issues, it allows you to do
things you might not otherwise be able
to do, but it really creeps me out. I
had one for a while and I decided after
it stopped working to just not try to
make it work anymore. And there are some
things you could do um like there are
usually physical mic switches on these
smart speakers that allow you to turn
off the mics when they're just not in
use. But then it kind of goes against
the whole purpose of like being able to
just quickly ask a question if you have
to go to the device and turn on the mic.
But it's just what you're willing to
accept in terms of security. Even if you
had certain privacy protections when you
bought a smart speaker like an Amazon
Echo, you don't necessarily know if
those protections are going to change.
For example, Amazon updated its terms of
service so that users of its Echo
devices can no longer opt out of sending
their voice recordings to the company.
It might not seem like there's been a
lot happening in the space, but there's
actually now going to be another bit of
a wave I think in terms of these devices
because uh now it's all about
incorporating artificial intelligence.
For example, Google is upgrading a lot
of its Nest uh products with Gemini, its
large language model, so that it can
understand things like the ability to
recognize a FedEx driver coming up to
your doorway and then you later on
asking, "Hey, did FedEx come by today?"
Because large language models have large
data sets that they can train on,
they're now capable of that more natural
free flowing conversation, which might
mean that there are going to be new
devices that people might want to
upgrade to, or those capabilities might
come to older devices. That's a perfect
example of how these risks can be
introduced when you get a device. It's
like you might be getting a device with
certain features and certain settings
and then things change or the company
gets sold and you don't necessarily have
control over your data in those
situations. You know, if you have an
older Alexa device and you don't want
your recordings being sent to Amazon,
you basically just have to decide
whether you're going to keep that device
and keep using it at all. [Music]
Smart locks. The selling point is you
don't have to necessarily carry your
key. Although I highly recommend if you
have a smart lock to still carry your
keys because they rely on batteries. You
can even share your passcodes with
family and friends so that they can
enter your home if you're away. They
need to check on a dog. But there are
more risks because now you've put the
keys to your home in a digital platform
and that you know that just might not be
great uh from a security standpoint. If
something does get hacked, someone could
theoretically enter your home or at
least capture like if your smart lock
has a camera on it or a microphone,
could capture some data from that as
well. It's kind of ironic that something
that's like literally for security could
then be less secure just because you're
adding these more convenient features.
Yeah. I mean, a lot of locks have the
ability to auto unlock as you approach,
and that most of the time relies on your
phone's location, which means when you
enter a specific area of your geofenced
area of your home, the door will
unlock. That I feel like to me at least
seems like a potential data point that
someone would love to have if they
wanted to target you specifically. There
are some security standards you can
probably look for. Are they following
AES 128-bit encryption? Is the app
two-factor authenticated? How physically
capable it is as a lock? Whether it's a
retrofit over your existing deadbolt, so
it might not change the entire hardware.
That might be better than something that
completely replaces your hardware,
especially if it's from a company that
doesn't have a history of making locks,
but also making sure that the company
has a good track record in following
best practices to keep your data secure.
Another issue that kind of applies to
all these smart devices is them going
out of date and just not getting
firmware updates and then you need to
replace the whole thing. Once you've
installed a lock, you're not going to go
out and install another one anytime soon
or you hope that you don't have
to. Yeah. And a lot of capabilities are
usually updated through the app itself,
but obviously as you said, it's one
thing to make sure that you know,
especially if it's been 10 years or so
since you installed a smart lock,
probably just check that there are
security updates still being issued. Do
companies stop issuing software updates
or security patches because there's
some good reason for that or are they
just trying to get you to buy another
one of their products? I mean, I think
companies have it in their power,
especially big companies, to offer
significantly longer software update
cycles for, you know, these kinds of
devices. Whether there's also an element
of planned obsolescence and they want
you to upgrade to the next thing, I'm
sure that is definitely also a big part
of it. That's kind of why we encourage
people to look at some of the bigger
brands because if anyone is going to at
least support uh a product for something
like a decade, it's probably the company
that has those resources. Definitely, we
could stand to ask and force companies
to require that some of these products
that especially you don't expect to
change that often should get support
companies are sort of pitching again
convenience in terms of a Samsung smart
fridge might have a display on the
outside that's basically a tablet and
you might be able to leave sticky notes
for everyone in the house or you might
be able to even play YouTube videos to
follow recipes along but also in the
inside they could have cameras and
cameras could be used to detect the
types of things that are inside your
fridge so that you can even look at
remotely into your fridge like here when
I need to check the milk situation and
it's true it is some of that is
convenient, but especially with
something like their family hub line of
refrigerators where there's a display on
the outside, you have to know that like
you're probably going to have to sign in
YouTube, Instagram, whatever it is you
want to have on this like essentially a
tablet display. All of that is now under
the protection of what this fridge brand
is doing to keep your data secure. make
a really great point about it being
another point of failure and just kind
of introducing complexity uh into your
life and thus risk because it's designed
it can be hacked. Yeah, I don't think
there's a lot of people that are going
to hack your fridge and look at what is
in your fridge, but it does mean they
might get other compromising information
from you, right? It's not just big
appliances like refrigerators and stoves
that are connected to the internet. It's
almost everything from coffee makers to
toasters to even air fryers. One report
found that some air fryers were
automatically collecting personal data
and sending it back to the company.
Others were asking for things like
gender and date of birth. There's a
whole other side to it as well in terms
of like repairability and long-term
durability of if there's a screen and
there's a screen is the only way for you
to, you know, interact with your oven.
What happens if you accidentally drop a
cast iron pan on it and now it's broken
and now you can't really configure your
oven or you can't interact with it. Now
you have to spend that money to get it
repaired. it's going to be more
expensive. And also in terms of just,
you know, how long it's supported for
over time, if a particular feature
breaks and the only way to interact with
it is through the software, but there's
a glitch and a company's not going to
update it anymore, uh, now you have
fewer options in what you can actually
do outside of just dumping that entire smart
oven. Security cameras obviously have to
be recording. Usually, companies offer
some type of a cloud-based plan where
you can store video data for 30 days,
for example, and after that, it's
deleted. Some security cameras also let
you record directly to local storage,
although there have been certain
incidents where what was promised as
local storage ended up also accidentally
uh going to over the cloud. You also do
want to make sure any video that is sent
over to the cloud for, for example, the
convenience of being able to look at
your footage from a remote location when
you're not home that it's encrypted so
that people can't just look at your
streams. Storing the footage locally is
definitely better for privacy, but it
also you have to have the technical
know-how to secure that storage. If
somebody did want to target you for some
reason, then they would be able to
potentially gain access to hundreds of
hours of footage of your family or
whatever you've pointed the camera at.
Right. Nowadays, security cameras aren't
just also cameras. They have algorithms
and facial recognition features. So,
there's that other aspect of the data
that they're collecting. You know, now a
big new thing that a lot of these
companies are trying to pivot to is
using artificial intelligence so that
you know, you can just ask your Google
Home app or your Alexa, hey, did FedEx
come by today? and it'll have understood
what is a FedEx employee, what they
generally look like, what the clothes
they wear is if they're holding a
package. And you can even ask things
like, uh, is there a package for me at
the front door? You can even add
people's names if you really want in
terms of like, oh, oh, that's my wife.
Britney is at the front door. I didn't
know that they are building facial
recognition and image recognition into
these home devices that extensively. And
that's quite frankly terrifying. Yeah. I
mean, a lot of that I believe is
completely on device and local. So I
don't think that information is being
shared. The idea is that because a lot
of them will say person detected, right?
They have person detection, animal
detection. Instead of just getting these
arbitrary person detected, which might
not provide you much value, it might be
more helpful if it says XYZ came up to
your front door and that person's a
friend. I think that's a really great
example of how these privacy erosions
happen. A company builds in a new
feature that solves like a minor problem
or makes it, you know, 10% better, but
then you've introduced this new
acceptance of just having facial
recognition everywhere and everyone is
then just like, yeah, that's just how
cameras work. It's just that's becomes
the norm. So, Ring is another big part
of all of this. They weaponized in some
ways their uh video doorbells and
security cameras by sharing information
and footage with local police
departments in the past. That's really
how Ring was built was by going to local
police departments, giving them the
ability to offer people in their
community deals through the police
department to buy Ring cameras. And then
in turn, Ring had really close
relationships with police. They had a
specific feature uh that allowed
somebody to share their footage directly
with the police department. Solving
crime is great. Every nobody wants
crime. The issue is that it really
rapidly indoctrinated people to just
constant corporate surveillance. I
worked on one investigation several
years ago where we were able to map
every Ring camera in a specific area and
we were able to see like if a child is
going to walk to school, they're going
to pass 75 Ring cameras and they're
going to be just subjected to this
surveillance and that data is collected
by a corporation. Ring is owned by
Amazon and you know, we don't know
necessarily what that footage is going
to be used for. And I think it's more
just becoming comfortable with making
The convenience of that Wi-Fi capability
in baby monitors is basically the
ability to remotely look at and monitor
your baby even if you're not at home,
like if you have a nanny uh taking care
of the baby. You can check on the baby
yourself if you're away. But obviously,
all of that introduces all of these
potentials for violating your privacy.
There was uh a story of like a woman who
found that there was some stranger
whispering through her baby monitor, and
that's terrifying. That's creepy.
So, while security cameras and baby
monitors are very similar in terms of
their functionality, there's some
reporting that shows even the best Wi-Fi
connected baby monitors are less secure
than regular security cameras. You know,
a lot of times you see companies that
make something that's not historically
Wi-Fi connected and they start adding in
those capabilities. They just don't have
the team that knows how to add the
security measures. And so, they just
haven't invested in security as the top
priority as they add new features or new
capabilities. A lot of these smart home
devices, especially something like a
baby camera, like when you're setting it
up, you would want to make sure that
there is a two-factor authenticated
method of signing in securely so that
even if your password is
compromised, a threat uh actor can't hop
in and just willingly access everything.
They would need a secondary device for
you to authenticate that it is you. That
should apply to every device or app that
you can possibly add two-factor to.
Definitely do that. You know, I'd say
it's one of those situations where you
kind of really have to look at the risk
versus reward. And I think taking the
steps to make sure your baby cam is as
secure as possible is really imperative
because it's monitoring the most
life. Smart thermostats are great. They
can lower your energy bill and tell you
if something's wrong in your HVAC
system. But they also collect a ton of
sensitive data like when you go to
sleep, when you're away from home. If
that information is accessed by hackers,
that could tell someone when they should
break into your house. It's also
probably being collected for advertising
purposes. What coffee company wouldn't
love to know exactly when you wake up?
To serve you an ad for their brand of
brew. You know, the convenience is that
you can set your temperature from
wherever you are. You don't have to go
to the product itself. You can even have
functionality like uh understanding when
you're not home and it'll then
automatically lower temperatures or
maybe even turn off uh certain systems
so that you're not wasting energy. Some
of that is based on location data
with your phone maybe. For example, uh I
think Google's Nest thermostat now has
radar in it, so it understands when
you're approaching it, the device lights
up with all the information. There are
smart thermostats that have voice
assistants built in, like Alexa, for
example. But I think it might be good
practice to just let that be handled by
an actual hub or something else, and let
your um smart thermostat just not have a
microphone or a camera. The benefits
outweigh kind of the risks. I think for
me in with this one, except for the fact
that they are another entry point for a
hacker to gain access to your network, I
would say buy the ones that have the
fewer features, don't have the
microphones, don't have voice
assistants. Making them as simple as
possible while still getting the
benefits of having a smart thermostat,
uh, is probably the way to
go. A router is not really a smart
device. It's just the thing that
everything in your home is going to
connect to. Routers are one of the most
attacked devices because they serve as a
gateway to the rest of your network.
They're also really low-hanging fruit.
Most people don't change the default
password and so hackers are able to get
that information or crack those
passwords and get into your network. If
a hacker gets into your Wi-Fi, they can
see anything that's connecting to the
internet attached to your network,
potentially collect unencrypted
communications, and they may be able to
gain access to the devices and the data
that your devices are collecting. So,
studies show that most people don't
change the password on their routers.
What really is the worst case scenario
in that situation? I'd say the worst
case scenario is that someone gains
persistent access to your network, those
devices, and potentially any data that
those devices are collecting or monitor
you in the way that you're monitoring
yourself. Routers are kind of the window
into your home. Usually, it's you
looking through that window by your
smart fridge app or your smart toaster
or whatever it might be. In this case,
the router is the entry point for
anybody who is trying to gain access to
your network to gain access. And so
that's why the security of your router
is just as important as anything else,
if not more important. So, one of the
issues with routers is that you have to
replace them occasionally. Can you tell
me why that is? Like, why would I have
to trade in for a new router? There's no
law that says, uh, hey, a router should
be updated or kept updated for 10 years.
there is a story of like you know Wi-Fi
itself there's new versions coming every
few years so right now the latest
generation is Wi-Fi 7 um so there are
better security protocols in Wi-Fi 7
versus Wi-Fi 5 right so there are
genuine reasons that you would want to
stay on the latest hardware and while
newer routers are backwards compatible
with older um Wi-Fi standards uh you
won't be able to access those improved
security measures without actually
upgrading to a Wi-Fi 7 router for example
If you're looking to buy a smart device
and you are thinking about your privacy
and security, what's some advice you
have for people for what to look for or
what to avoid? You probably want to
stick to some well-known established
brands. They have a better track record
and the resources to have a security
team to have security practices and
follow the best uh approach being able
to patch and quickly update devices if
there is a security breach. It's not
about if your company's product gets,
you know, hacked. It's about when. And
one other thing you could also do is,
you know, when you're shopping for a
device, do you really need the X
feature, right? Like checking to see if
your robot vacuum has lidar, for example,
which is what cars use rather than a
camera on it. A security camera. Should
you buy one with a privacy shutter so
that you don't have to keep unplugging
it every time? Look at all the features
that the product provides. If there's a
genuine need for something like that
Wi-Fi connectivity, which it enables,
um, then is there a way to at least
mitigate that type of risk by opting for
technology that is a little more privacy friendly?
Here are six things you can do right now
to make your home more safe if you use
smart devices. First, use a strong
password and definitely make sure you're
not using the default password that
comes with your device. Make sure you
turn on two-factor or multifactor
authentication whenever available.
Always make sure your software is up to
date on both your companion apps and on
the devices themselves. Make sure your
router is secure. That means changing
the password, changing the network name,
and upgrading the connection to be
encrypted if possible. Do your research.
Make sure you're getting them from a
reputable company that has a good track
record with handling your data and
dealing with data breaches. Set up
separate Wi-Fi networks. That way, your
laptop and other sensitive devices are
not connected to the same network as all
your smart devices. This was Incognito
Mode. Until next time. [Music]