Household spies: Are you paranoid, or is your robotic vacuum cleaner spying on you?

It seems like pretty much every smartphone user has a story about being flooded with ads for, say, Cancun vacations, after having mentioned Aztec pyramids in a casual conversation with their iPhone lying around. Or after admiring their neighbour’s Labrador pup, they’d be bombarded with online sponsored content pushing everything from puppy-themes socks to dog food. If you’ve noticed that ads strongly influenced by your day-to-day habits regularly appearing on Facebook, Amazon, Google and Instagram and started thinking that you’re being spied on, we’ve got some bad news. You’re not paranoid, because this is precisely what’s happening.

targeted advertising
Targeted advertising is just one way your interests, preferences and daily convos are being used to maximise profit and gather as much information about your consumption patterns as possible/Morning Brew via Unsplash

To collect data your devices’ onboard microphone is recording soundbites, sending them to distant servers where, in turn, they’re being analysed and used for marketing purposes. And the smartphone isn’t the only device that’s tracking your every word and move. Many people have welcomed Amazon’s Alexa and other voice-activated virtual assistants into their homes. Russian hi-tech company Yandex launched an AI assistant for Russian-speakers called Alice three years ago, and it’s gaining popularity. Both Amazon and Google, provide a similar service called Assistant, have admitted to letting their human employees listen to recorded conversations to improve the systems.

Siri app for iPhone and Apple Watch is even more pervasive, because, unlike Amazon and Google that let their users opt-out of specific uses of their recordings, the only way to stop Siri from recording you is to deactivate it completely.

Last year’s report from the Guardian quotes an unnamed whistleblower working for Apple, who claims that “There have been countless instances of recordings featuring private discussions between doctors and patients, business deals, seemingly criminal dealings, sexual encounters and so on. These recordings are accompanied by user data showing location, contact details, and app data.”

But if you think that disabling Siri and getting rid of Alexa could put an end to your privacy worries, think again. Pretty much every “smart home” piece of technology you own – from a robotic vacuum cleaner to your Smart TV – is collecting data about you. In reality, any device equipped with a communication module that can receive data is capable of sending it. The question is, what kind of data will it share and with whom. Even if your loyal devices haven’t been up to anything evil, should the networks they are using get hacked, the information about your habits and behaviour could fall into the hands of individuals or corporations working towards rather nefarious goals.

woman and smart tv
A shopper carries a Smart TV during the kick-off of the 'El Buen Fin' (The Good Weekend) holiday shopping season, at a Walmart store in Monterrey, Mexico/REUTERS by Daniel Becerril

These days everybody seems to be super concerned about their privacy: we use encrypted chat apps, sign non-disclosure agreements at work – some even tape over their laptop cameras. Yet, on the other hand, we’re eager to let gadgets into pretty much all aspects of our lives. No wonder they get to know us better than we might want them to.

Perhaps, we should finally start paying attention to what we’re saying around Wi-Fi enabled fridges and light bulbs? Or it’s just a natural course of events that we mustn’t fuss about?

Fuss or no fuss, the former CIA director David Petraeus predicted it would come to this as early as 2012 – and he knew what he was talking about. “The current ‘Internet of PCs’ will move, of course, toward an ‘Internet of Things’— of devices of all types — 50 to 100 billion of which will be connected to the internet by 2020,” said Petraeus. He also warned, rather obviously, “items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters—all connected to the next-generation internet using abundant, low cost, and high-power computing…”

alexa eavesdropping
Alexagate is a new ultrasonic device that jam your Alexa's mic using seven ultrasonic speakers thus preventing it from eavesdropping/ https://alexagate.com via Unsokash

Indeed, household appliances big and small - from dishwashers and coffee makers to thermostats and video doorbells - all now connect to the internet. By design, it’s supposed to help with troubleshooting, improve energy efficiency, and enable us to give orders to our hi-tech slaves over the phone, computer or tablet. But in reality, wi-fi-enabled devices can be – and are - a gateway for hackers and crooks of all kinds. You may have never thought about it, but even high-end models of robotic vacuum cleaners are capable of collecting data as they clean, identifying the locations of your walls and furniture, and creating a map of your home. There have been rumours that iRobot, the manufacturer of Roomba vacuum cleaners (now compatible with Amazon’s Alexa voice assistant) considered sharing the data with third parties with customer consent.

alexa rules roomba
Prompts on how to use Amazon's Alexa personal assistant are seen as a wifi-equipped Roomba begins cleaning a room in an Amazon ‘experience center’ in Vallejo, California/REUTERS by Elijah Nouvelage

One of the ways wrongdoers might get easier access to your homes is by hacking household appliances. Unlike computers and smartphones, household devices — often outfitted with cameras and microphones and using facial recognition technology — are by and large poorly secured by their manufacturers. Last year the FBI went as far as to warn Smart TV owners not to rely on factory security settings of their devices, but instead reset access passwords and limit the use of personal information, if possible. “At the low end of the risk spectrum,” said the FBI, “they (i.e. wrongdoers) can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV’s camera and microphone and silently cyberstalk you.”

Getting goosebumps yet? Now, what if a security system allowed potential intruders to watch you through security cameras installed throughout your own home? Or what would your reaction be if you realised that some screwed-up hacker is talking to your kid through a baby monitor? There have been numerous reports of Google Nest cameras being hacked over the past couple of years. Hackers used credential stuffing to break into them. Credential stuffing is essentially looking for passwords that had leaked online as a result of data breaches and using them to access the compromised individuals’ accounts on other platforms, because aren’t we all re-using passwords across the board? And nowadays it doesn’t take a world-class hacker to do it!

A few dozen bucks will buy you a cracking app that will let you hijack someone’s Netflix or Instagram account. It looks like most of the time the fraudsters who’d broken into unsuspecting Nest users’ accounts were doing it just for kicks.

A family in the San Francisco area was “warned” by a voice coming from their Nest Cam of an imminent missile attack from North Korea saying they had three hours to evacuate. After several such break-ins were reported, Google beefed up Nest’s security by adding a two-factor authentication which should have resolved the issue. What is clear is that manufacturers should try to address these issues before they become a cause for concern and cause damage. Hacking your house will seem like a joke compared to a real and deadly threat of having your medical devices, like insulin pumps or pacemakers, tampered with. In 2012, a now-deceased White Hat hacker Barnaby Jack proved it was possible to kill a diabetic person from 300 feet by ordering an insulin pump to deliver fatal doses of insulin. He said the same could be done if one hacked into pacemakers or implanted defibrillators. 

camera lens
Manufacturers listen when the FDA sent out a word to medical tech manufacturers, warning them of backdoors in their devices’ systems and corrected at least some of them/By Bernard Hermant via Unsplash

So what can you do to protect your privacy from prying ears and eyes? First of all, be pro-active, go online and find instructions on how to delete your voice recordings from the voice-activated apps you use and how to change settings on other apps and devices that give them free rein as far as your privacy goes. “Mozilla "privacy not included” guide may come extremely handy in finding out more about security profiles of the devices you own and the ones you’re planning to buy. In the case of Smart TV’s, you may want to withdraw your permission to use automatic content recognition (ACR) which collects data about your preferences and uses it for personalised advertising and viewing recommendations.

As for robotic vacuums, you might be better off using it without connecting it to the internet or opting out of sending map data to the cloud by changing settings in your app.

But given recent reports of Philips Hue smart lightbulbs demonstrating a vulnerability that could enable a hacker to launch an attack on your home computer network, one might consider switching to good ol’ “dumb” lightbulbs or even vacuuming by hand to preserve some peace of mind. Because, as Albert Gidari, director of privacy at the Stanford Center for Internet and Society, said, describing the direction that modern technology is moving: “…everything that can be connected will be connected, and <…> all the data that can be collected will be collected.”