Connected devices quietly mine our data, privacy experts say

If you control your garage door, your heating and your fridge from your smartphone, expect that someone else could get control of them, too, cybersecurity expert Scott Wright says.

• Shodan webcam search engine raises privacy concerns for Internet of Things
• Hackers post webcam, security camera, baby monitor video online
• Hackers kill engine of moving Jeep on highway in security demo

The explosion of the so-called Internet of Things the gadgets we strap to ourselves or install in our homes, offices and cars that are connected and controlled by a network leavesa data trail for hackers. It can tell them when we're home, what we're saying, and about our health.

And attacks on machines, like the Jeep Cherokee thathad its brakes and other controls remotelydisabled last summer, also shows that these connected devices can be a back door for hackers.

It's largely happening because manufacturers push technology to what it's capable of, says Wright, president of Security Perspectives Inc., says. But they aren't designing with security in mind, he said.

And most of us aren't buying things with that in mind either.

Voice-activated TVs

It may come as a surprise, then, that if you're watching TV, it could be listening to you.

"Smart TVs and appliances are sort of communicating either with each other, just monitoring your activity and deciding what you might want to do next," Wright says. "You can give them commands like the way you do to Siri, but the TV manufacturers haven't really had a lot to think about in terms of security like Apple."

If you read the fine print in the privacy policy for Samsung's voice-activated TV, you'll see that they are continuously picking up the audio in the room. That information gets transmitted back to a third party where it gets translated to see if there's a command that the TV should respond to.

While those conversations could be stored by the manufacturer, Wright says firms will often subcontract the processing or the storage of that data to another company.

"They can mine that data," he said. "They know how many times you watched certain shows or asked for certain things and that kind of information could be used for marketing or other types of commercial use."

Home appliances

Connected devices may also leave people vulnerable to a hacker, because they can act as a gateway to the rest of the network.

Roughly 20 per cent of U.S. households have some of form of remote-controlled smart device, according to a survey released by the National Cyber Security Alliance in November. And 13 per cent have internet connectivity in their cars.

"There was a was a case the other day where someone was able to access the wifi password out of a smart doorbell to get into the network," the alliance's executive director Michael Kaiser says. "There's a cool factor that's for sure and there's the rapid explosion of technology but people aren't thinking about the security risks."

'Benign technology'

So-called "benign technology" like talking toys or baby cameras have proven especially vulnerable, because manufacturers don't expect a toy or a baby monitor to interest a hacker, Wright says.

But the hacking of Vivid Toy's talking doll, Cayla, last year shows that they can be.

"There are a lot of ways that manufacturers have to start thinking about how their benign devices can, for lack of a better word, be weaponized," Wright says. "You have to expect that somebody could abuse that device for a number of purposes, either gathering information without your knowledge or using that device as a stepping stone to another part of your network."

How to protect yourself

The executive director of Ryerson University's Privacy and Big Data Institute says that she hopes the media coverage around other hacks will spur the public to learn more about the way in which their data has been used and the ways in which their devices could make them vulnerable.

If they stop buying products that aren't built with privacy in mind, the market will respond to that, Ann Cavoukian says.

That could be through transparency about where data is stored, how long a company will keep it, and exactly what information gets recorded when a garage door opens or someone unlocks their front door remotely.

"It's a time for companies to accept more responsibility to secure their products," Cavoukian said. "They will also gain a competitive advantage; customers want this and they're going to be asking for it more and more. With enough people feeling that way, it'll impact their sales, and they'll get smart."