So you got a new smartphone, smart TV or other “smart” device for Christmas, and now it’s all set up, internet connected and ready to make your life easier. Or is it?
It’s easy to forget that everything from internet-connected speakers with voice assistants to TVs with built-in apps can be always listening — and sometimes watching, too. Too often it takes a high profile crime, like the recent Amazon Ring attacks in which hackers gained access to the doorbell service’s video and audio systems, to remind us that the technology we welcome into our lives and homes can be turned against us.
“As we rely more and more on technology in our everyday life, we have to understand that the criminals in our midst will be using that same technology looking for new and innovative ways to steal from us or harm us,” Paris Police Chief Bob Hundley said. “To quote an insurance tagline, ‘it’s what they do.’”
In the pre-digital age, law enforcers were concerned about “con games” in which criminals sought to be upfront and personal with their victims, the chief said. Pigeon drops, con games, get-rich-quick schemes involved walking up to a stranger and starting the con, just by starting a conversation. Fast forward to today, and the “mark” is the same, he said. It’s how the game is played that’s changed.
“The suspects are not seen; it’s a voice, maybe even a computer-created voice on a spoofed phone number or an email, all of which hide behind an electronic screen that is sometimes impossible to get through and trace,” Hundley said.
Scam and fraud reports at Paris Police Department increased in the last decade, with officers responding to 200 such calls in 2010 and to 386 in 2019. Many scams go unreported, the chief said, adding officers hear of scam attempts old and new almost weekly.
And the world of smart products — that’s everything from refrigerators and thermostats to cars and voice assistants — can be downright dumb when it comes to security, Hundley warns. Unfortunately, too many people leave themselves vulnerable to attack because they believe their networks are too small to be at risk of a cyberattack or they believe their devices are secure enough right out of the box, according to the U.S. Department of Homeland Security.
“Most attacks are not personal in nature and can occur on any type of network — big or small, home or business. If a network connects to the internet, it is inherently more vulnerable and susceptible to outside threats,” states a Homeland Security safety tip.
The more smart products consumers buy, often for the promise of accessing home from anywhere they are, the more opportunities there are for criminals to take advantage. Research firm IDC estimates worldwide shipments of 815 million smart speakers, security cameras and other devices in 2019, up 23% from 2018. Many of the sales are for gifts.
You could sidestep the risks altogether by returning the devices right away. But if you decide to keep them — and the artificial intelligence behind them — there are a few things you can do to minimize their eavesdropping potential.
The speakers listen … and watch
Smart speakers such as Amazon’s Echo and Google Home let you check weather and appointments with simple voice commands. Fancier versions come with cameras and screens.
Many of these devices listen constantly for commands and connect to corporate servers to carry them out. Typically, they will ignore private chatter and transmit sound recordings only when you trigger the device, such as by pressing a button or speaking a command phrase like “OK Google.” Some gadgets also have a mute button to disable the microphones completely.
But there’s no easy way for consumers to verify those safeguards. In one case, the Alexa assistant in an Echo device misheard background conversation as a command to send the chatter to an acquaintance — and so it did.
One more catch: Voice commands sent over the internet are typically stored indefinitely and may include conversations in the background. They can be sought in lawsuits and investigations.
Reputable companies let you review and delete your voice history. Amazon now lets you request automatic deletions after three or 18 months — but you need to set that up, and there’s no option to keep Amazon from saving your command history at all.
If you have kids, set up a passcode for shopping if your speaker allows it. Otherwise, it can be child’s play for a kid to order toys and other goodies through Alexa.
As for those screen models, many also have cameras for video chats. When you’re not using the device, consider turning it around to face the wall, especially in the bedroom and other private settings. Or stick a bandage or some tape over the camera. It shouldn’t be recording, but why tempt fate?
Security with security video
Online security cameras let you check in on your pets or kids when you’re not home. Amazon’s Ring doorbell lets you check who’s at the door without getting up.
Here’s the rub: If you can view video on an app, it’s possible that a skilled hacker can, too.
When you use the same password at multiple services, a hacker stealing your password from one place can try it on the camera service, too. So, don’t reuse passwords. When available, enable two-factor authentication, which requires you to enter a temporary code sent as a text to ensure it’s you.
“Passwords are a pain to remember,” Hundley said. “Change them frequently, do not use the same password for all of your accounts or websites and make them difficult and unique. If you choose to write them down, make sure you keep the list in a secure place and don’t identify the accounts by name, use a nickname.
“There are password vaults that can remember your passwords; I suggest any of these you use should have two-factor authentication, such as receiving a code number on your phone to continue the login process.”
The simple advice is don’t talk to strangers, Hundley said. Just about every business on the web knows the dangers involved, for both the business and the customer. A legitimate business will not call, text or send an email wanting any of personal information regarding someone’s account. If they do, don’t call any number supplied by the message, call the regular business number and talk to them about the issue, the chief advises.
“Never give your personal information out to anyone online or to anyone who has called you. A business probably doesn’t know your password, but I promise you someone in that company can see all the information they have about you. They don’t need your password to check balances, purchases and the like,” Hundley said.
Anti-virus and protective software is a must, he added.
About those TVs
Many smart TVs and TV streaming devices come with mics for voice-activated playback controls and video search. That means having audio snippets transmitted over the internet. The same warnings for smart speakers apply here.
There’s a simple fix if you aren’t using the internet features on your smart TV: Just don’t connect the TV to your Wi-Fi in the first place. Of course, this won’t work if you’re not using a separate gadget for streaming video.
Toys that talk
Kids might get a kick out of dolls and other toys that talk back. But if the toy is connected to the internet, pay attention to how much control it’s giving parents and whether it’s letting kids connect to the outside world. You can check online to see if other parents or consumer groups have identified problems.
And be sure to install the latest apps and other software updates as they roll out, as they may come with fixes for flaws that can otherwise be exploited by hackers.
House Bill 4390 requires business owners to disclose when their computerized data with sensitive personal information may have been breached or hacked, Hundley said.
It sets a deadline of 60 days to report the breach. The owner must also notify the attorney general’s office if the online breach affects more than 250 residents.
There are many laws already on the books regarding cyber security and misuse of personal information, both state and federal, the chief added.