Is that smart device secure, and will it protect your privacy?


The decision to introduce a new smart device into your home should come only after you’ve answered these two questions affirmatively: “Will the device improve the quality of my life/fill a need I have?” and “Am I satisfied with the level of security and privacy the manufacturer provides to users?”


Unfortunately, users’ needs (and wants) often end up being more important than security and privacy, and the answer to that second question is simply ignored. In some cases, though, users want to find the answer to it, but they don’t know where to start.

Researching smart devices

According to ESET researchers, a good first step is to research the device’s potential vulnerabilities, and that can be done by searching online for mentions that include variations of “device name” or “device brand name” in conjunction with terms like “security vulnerability,” “privacy breach,” or “data leak.”

“No device or software is guaranteed secure or without potential vulnerabilities. However, companies can be judged based on how they react to disclosure of vulnerabilities in their products,” the researchers pointed out.

“Some of the devices tested had vulnerabilities that have been dealt with quickly with new software and firmware. Unless such disclosures are promptly acknowledged and the vulnerabilities fixed, choosing an alternate device would be an appropriate response.”

Other questions you will want answered are: Does the manufacturer update the firmware, and can it be auto-updated? Can you be notified of the pushed-out update through an app or email? Answers can be found on the manufacturer’s or a vendor’s website, or via Google.

Reading the privacy policy should also be a must.

“Understanding what data is collected, stored or shared will help you make the decision on whether the device should be part of the overall network or kept isolated. And if neither of these is deemed secure, then, of course, don’t purchase,” they advise.

Be aware that the search for this information will usually (and unfortunately) take some time and considerable effort.

For example: even though each manufacturer should provide a privacy policy or a similar document explaining how the data captured is collected and used, in practice, these policies are occasionally very vague, hard to read and difficult to locate.

The results of your research should inform your decision

The researchers have provided results unearthed in their own fact-finding missions. They searched for answers to all those questions for some popular products from seven vendors, and shared them in a report.

The list of the products includes:

  • The Amazon Echo (2nd Gen) virtual assistant
  • The D-Link DCH-G020 Connected Home hub
  • The D-Link DCH-S150 Motion Sensors
  • The D-Link DCS-935L and D-Link DCS-2132L cameras
  • The NETATMO weather station
  • The Nokia Health Body Cardio Scale and the Nokia Health Body+ Scale
  • The Sonos PLAY:1 Wi-Fi-connected speaker
  • The Woerlein Soundmaster Internet Radio IR4000SW
  • The TP-Link Smart Plug HS110.

If you’re considering buying one or more of these devices you’re in luck: they did the legwork for you and also added a few tips on how to use these devices safely (or as safely as possible).

If not, you have great examples of what you should look for and take into consideration.

Also, if you’ve already bought a smart device, and plan to continue using it, the researchers offer the following advice:

  • Use caution when sharing data on social networks or with a vendor’s own systems. Sharing your location, device and pattern of usage may give cybercriminals enough data to scam you or start a targeted attack.
  • Voice-controlled intelligent personal assistants are convenient. They are also all-knowing. Think carefully how much you tell your assistant, or how much you ask it to gather on your behalf.