We’re always looking for bright minds!
See open positions
CybersecurityTech

Smart devices and your privacy – should you be concerned?

5 min read

Fact: smart devices are everywhere – from fitness trackers and virtual assistants, to AI-enabled doorbells and even Wi-Fi kettles

Smart tech helps to make tedious chores a breeze, and allows you to optimize important areas of your life. But smart tech is also changing the way we interact with daily appliances and the world at large. And this could have serious implications for your data and privacy. 

The big catch with smart devices

There’s no doubt these clever thingamajigs are handy, and very often they’re a lot of fun as well. But there’s a catch …

Smart devices rely on huge volumes of personal data to be of any use. Take your fitness tracker. What would be the point of shelling out hundreds of dollars for it if you’re unwilling to give it access to your health stats? Data is literally essential to the way these devices operate.

What’s more, tech companies are embroiled in a data collection arms race. This means there’s little hope that a robust, globally enforced privacy standard is going to materialise anytime soon.

Okay, so these companies want my data and my smart devices need it. But isn’t all this ceaseless talk of privacy a bit exaggerated? What’s the worst that could possibly happen? 

Well, how about being pursued by a stalker thanks to simply owning an Apple AirTag.

Urban horror stories aside, data privacy really is an important issue when it comes to smart devices. The consequences can range from targeted advertising through to extortion and burglary – you name it. So we’ve put together an in-depth guide to the issues with data privacy and what you can do to stay safe.

Given their massive variety, we couldn’t possibly cover all the wearables and other smart devices out there. Instead, we’ll focus on some of the most popular ones, and provide a handful of general, device-agnostic data security recommendations. These won’t make you completely bullet-proof, but they will significantly lower the risks.

Alrighty then, let’s dive in!

The issues with data privacy

There are 2 main types of data privacy issues: unauthorised sharing, and interception or hacking. 

1. Unauthorized sharing

One of the biggest problems with data collection today is that pretty much all tech companies have switched from active to passive methods of data collection. This means that most data is now collected without users’ knowledge (instead of being volunteered by them).

And the implications of this “active” approach are significant. A recent study by Imperial College London and Northeastern University found that smart and IoT devices collect vastly more data than is necessary. They tested 31 devices, and 16 of them had data transfer destinations that had absolutely nothing to do with completing the task. 

How did researchers know they were unnecessary (after all, the transfer of data is usually encrypted nowadays)? Simple – they blocked the destinations one by one to see if the task was still completed. 

The worst offenders had up to 11 unnecessary data transfer destinations, and this is really troubling. Why? Because it means that when you’re ordering a pizza through a device like Alexa, for example, that information may reach various third parties you’re not even aware of. The researchers found that in some cases personal data was channeled directly to digital advertisers without prior consent.

When it comes to smartwatches and fitness trackers, many brands have come under fire in the latest report by Human Commons Data Foundation

The study graded companies on factors like legal rights, data collection and sharing, data access, and security. It found that companies often create marketing profiles of users by combining fitness data with information from social media and other sources. In some cases they are even partnering with insurance companies. 

Manufacturers of popular devices like Fitbit and Google’s Wear OS platform were found to have “aggressive” data collection and sharing practices, along with terms that limit users’ rights.

2. Interception and hacking

Smart devices are notoriously easy to hack. Gadgets like thermostats, lights, and locks are often used by burglars to spy on homeowners – they then break in when the owners are out. Given that the number of IoT devices is expected to reach 41.6 billion by 2025, this is a serious issue.

According to recent estimates, over 83 million smart home devices are currently at risk of hacking, including web cameras and baby monitors. In addition, smart homes face up to 12,000 cyber-attacks every week. The two most hacked devices seem to be smart TVs and smart home speakers (including Alexa and Amazon Echo). 

So why is hacking these devices apparently so easy? Well, one of the major vulnerabilities of these devices is buggy software. But probably the biggest issue is with your internet itself. To put it simply, your privacy is only as secure as your internet connection. 

Here’s why. 

Your smart devices – from light switches to entire heating systems – contain small computers enabling them to connect to the internet and to be controlled remotely. All these devices are connected through a hub – e.g., your home network or smartphone. If that hub is breached, malicious attackers can pick and choose, buffet-style, whichever data they please.

How to stay safe

If all this sounds kinda scary, the good news is there are plenty of things you can do to dramatically reduce the risk of losing your privacy.

Here are some recommendations that apply to most smart devices, from wearables to IoT and smart home electronics.

  • Read your device’s privacy policy. This will let you know how seriously the company values your privacy and what measures are in place to protect it. What data is being collected? What are its uses? If the policy sounds vague, look for another manufacturer or device with a clearer policy.
  • Limit the types of data apps can access. Make sure that you’re only giving apps permission to access the data that is actually necessary for your purposes. If you only want to know how far you’ve run, don’t let the app access your heart rate and oxygen uptake as well.
  • Secure your router. Your router is the primary IoT target for hackers. So it’s your first and most important line of defense. When buying a router, make sure it comes with WPA2 or (ideally) WPA3 authentication. Next, change the router’s default name and password. Finally, enable the firewall and consider using a separate network for your IoT devices. That way, even if a breach occurs, at least your personal information will remain out of reach.
  • Use two-factor authentication (2FA). This should be non-negotiable for all your accounts, including fitness trackers.
  • Bullet-proof your passwords. Use strong, unique passwords that are difficult to crack, and make sure you change them every 6 months or so. If you struggle to remember multiple passwords, a password manager can help. Also, enable screen lock on your smartphone, especially if you’re using it as your smart home controller and/or network access point. For extra protection, make sure that your computer’s main account doesn’t have administrator or root privileges. 
  • Turn off location tracking. Most apps and devices allow users to deactivate location tracking. If at all possible, you should definitely do this, as location data could provide a wealth of information for hackers and scammers.
  • Keep your software up to date. Getting constant notifications about software updates might be annoying, but this software is crucial if you want your device to have all the latest bug fixes and security functions. Installing a quality anti-virus and a robust VPN is also a good idea.
  • Avoid using public Wi-Fi. Public networks are hit and miss when it comes to security. Avoid them whenever you can.
  • Disable internet access and unused features. This won’t be viable for all devices, but there’s really no need to have everything hooked up to the web at all times. If the networked features of a device aren’t relevant to you, disable its access to the internet altogether. The same goes for the features you’re not using like Bluetooth connections and voice-control, both of which can be hacked and used to spy on you.

Keep the lights on and your data safe

With the right precautions, there is no need to throw out your smart devices and go back to the dark ages. Data and privacy issues are definitely an important risk to understand when buying and using a smart device. But users who are educated and vigilant will be able to stay safe and enjoy all the perks of a smart life.