Copper Horse’s Mobile Security Intern, April Baracho looks at some data privacy issues for the Internet of Things in homes:
Smart homes are changing the way we live. More efficient power consumption and connected appliances that communicate with one another are increasingly becoming a reality in many homes. From door locks to thermostats to remote controlled lighting, every aspect of the way in which we interact with home appliances is changing. The key question: Is it for the better?
In many ways, our lives could be much easier. Waking up in a smart home might very likely mean that you have a pot of coffee brewing in your kitchen as soon as your alarm goes off. Your smart thermostat will adjust the room temperature as it senses you leaving your bedroom to conserve energy and you could even set your music player to play your favourite tunes as it detects you entering the shower.
The virtual holes in the walls of Smart Homes
Apart from offering enhanced usability and control, smart homes collect and analyse a lot of user data. Every new household appliance connected to the internet generates more data about the user’s patterns and behaviour creating yet another digital trail of personal details. This data is more than likely to be stored in some company’s servers and could easily fall into the wrong hands.
With increased connectivity comes an exponential increase in the threat surface. A case in point is the recent spate of hacks into home networks via internet facing devices installed in the home. Weakly secured baby monitors allow hackers undetected free access to their victims’ lives. Aside from this invasion of privacy, devices that transmit location data (for example over social media) could enable easy tracking of the physical location of the owner’s home. The ability to remotely view home data could be used to monitor user presence in the home as part of a burglary attempt. Public information of this sort is already used against celebrities. One example was the robbery of football pundit Ian Wright’s home in London whilst he was commentating in Brazil during the world cup. Additionally, once access to a smart object has been gained, there’s little to stop a hacker from gaining access to the rest of the home network. And many a time, this is the key goal of a hacker to begin with.
Collection of data by… who?
As appliances and wearables become more ingrained in our daily lives, it is important for users to be cognizant of what data they’re putting out there. As an owner of a smart refrigerator, one would be happy for it to print out a grocery list, but how would you feel if this data was also being shared with life insurance firms? It has been reported that this situation is not far from reality. Your shopping habits could have a huge impact on insurance premiums. This shopping data is already collected and analysed by insurance firms to get an insight into your lifestyle and determine how much of a risk you pose so it is not unreasonable to expect them to enhance that data with information gained from the smart home. Data privacy laws tell us that personal data collection must be limited and not be shared with anyone without active user consent. Are these laws being adhered to then and is there an opt-out that we aren’t even aware of?
Just ignore the small print; it’ll be ok, right?