Smart homes may be smart enough to spy on homeowners

Are your smart televisions, smartphones and smart fridges vulnerable to eavesdroppers?

The WikiLeaks revelations that the CIA purportedly has the capacity to break into our everyday consumer electronics raises that troubling question.

“I am in general distrustful of leaks of this nature,” says attorney Chris Dore, a partner at Edelson PC in Chicago, which specializes in consumer privacy, technology and data security. “But from what I know of data security issues and privacy issues at the consumer products level, I have no doubt that hackers can do this, and certainly the CIA and NSA are capable of doing this type of thing.”

According to the WikiLeaks data dump, CIA hackers can break into iPhones, Android phones, PCs running Microsoft Windows, and Samsung smart TVs and exploit the microphones inside such electronics.

Microsoft and Google told USA TODAY they are looking into the matter. Apple and Samsung haven’t responded to a request for comment. The CIA has declined to comment.

WikiLeaks documents say the Samsung TV could be placed into a “fake-off” mode, duping the consumer into thinking the TV was turned off while in fact conversations were being secretly recorded and then sent via the Internet to “a covert CIA server.”

Similar unsettling questions have been raised before.

Two years ago, the Electronic Privacy Information Center filed a formal complaint with the Federal Trade Commission over the “always on” listening capabilities inside Samsung Smart TVs. Samsung issued a statement then that the feature could be disabled at any time and that the TVs “do not monitor living-room conversations.”

Meantime, it was only last month that TV maker Vizio paid $2.2 million to settle charges over software on some of its smart TVs that was used to collect viewing data without consumers’ consent. The FTC and the Office of the New Jersey had alleged that starting in February 2014, Vizio captured information on 11 million consumer TVs about what viewers were watching on cable, streaming services and over-the-air broadcasts.

Vizio at the time said its software “never paired viewing data with personally identifiable information such as name or contact information” while lauding the FTC resolution as setting a best standard for makers of smart TVs.

There’s a flip side: The ability of consumers to talk to devices in the home, and be heard in kind, is a convenience many have come to appreciate. Amazon’s Echo speaker is always in a listening mode for the “Alexa” wake word. But Dore says Amazon does a pretty good job of explaining that: “People can make a choice.”

Sinan Eren, a vice president at the Avast security firm, says: “Any embedded device will remain a great target because it presents a significant return on investment to hackers and nation-state actors. Even though compromising mobile systems and smart devices takes significant financial investment and manpower to do so, once they’re in they’ll likely get several years of use out of their malicious toolkits.”

Should consumers be paranoid over the WikiLeaks revelations?

“I think paranoia is a strong word,” Dore says. But he does believe consumers should be “skeptical” every time they bring a device into the home that is connected to the Internet.

Dore says, “We are literally coating our house, our most personal space, in new Internet of Things devices that are being rushed to market, usually without much thought in terms of data security.”

Source: Florida Realtors