Imagine walking into your home, and the lights automatically adjust to the most comfortable brightness for you, the music player starts playing your favorite tunes, and the smart fridge tells you what groceries you need to replenish. This is the wonderful life scenario that smart homes bring to us.
When we talk about smart homes, what may come to mind are a series of technological products such as smart speakers, smart door locks, and smart lighting that make our lives convenient.
However, the application of the Internet of Things (IoT) in smart homes also brings new challenges to personal privacy and security. As Fowler (2019) mentioned, although we are concerned about the surveillance of applications on computers and smartphones, we firmly believe that home is the place where our privacy can truly be protected.
This article will explore the impact of smart homes on personal privacy, security, and digital rights, as well as the measures that individuals, manufacturers, and relevant institutions need to take.
Internet of Things (IoT) and the Rise of Smart Homes
IoT is a system composed of devices or machines connected to the internet, capable of collecting and transmitting data wirelessly without human intervention (Casquejo, 2020). Smart homes utilize interconnected devices and appliances, integrated through a home automation system, allowing users to easily control and manage all smart devices through a centralized interface, enabling intelligent management and control. This technology can effectively save costs, time, and energy. It is predicted that by 2023, the total value of the global smart home market will approach $140 billion (Thormundsson, 2024).
Additionally, according to the Statista Research Department (2023), published on November 15th, the segmented areas of the global smart home market are expected to continue expanding between 2023 and 2028, with the total number of users expected to grow to 424.5 million, with a growth rate of up to 117.69% (Figure 1). This demonstrates the tremendous market potential and growth prospects of smart homes.
However, it is worth noting that the IoT technology introduced in smart homes brings with it a plethora of vulnerabilities, many of which are by-products of remote monitoring and controlling building infrastructure and its connected devices (Wendzel et al., 2014). In other words, the proliferation and popularity of smart homes will bring with it a higher risk of personal privacy breaches.
Risk of Personal Privacy Breach
As mentioned earlier, the core of smart homes lies in connecting various smart devices and sensors, which collect a vast amount of personal information. For instance, smart speakers may record our daily conversations, smart cameras may capture our living scenes, and smart door locks may expose our entry and exit habits.
Many people may have experienced some “coincidences” like this: perhaps you mentioned some hobbies or products in a recent conversation with friends, but you have never searched for them online. However, the next day, you receive relevant notifications or advertisements in your commonly used applications. Faced with this fact, people may joke, “Is my smart device eavesdropping on me?” Jokes aside, in reality, we should seriously consider whether our smart home devices might be “listening in” on us.
Take the Echo as an example. It is a smart speaker product launched by Amazon, equipped with the AI assistant Alexa, which enables it to execute various tasks through voice commands based on speech recognition technology and cloud computing. When a user utters specific wake words, such as “Alexa,” the Echo smart speaker starts recording and uploads the recording to Amazon’s cloud servers for speech recognition. After the server recognizes the user’s command, it executes the corresponding task and sends the result back to the Echo device, which is finally played out in voice form.
In fact, this practice of recording commands and transmitting them to the cloud can be seen as a kind of constant “eavesdropping.”
Although this term may be somewhat exaggerated, the reality is so. Amazon claims that Echo only starts recording after the wake word is recognized, in an interview with a local TV station, Danielle disclosed a series of bizarre incidents. She found that her Amazon Echo device recorded her intimate conversations with her husband and sent the recordings to one of her husband’s employees (Warren, 2018). Despite Amazon’s claim that customers have control over their own voices, this case clearly indicates that the product’s design is unable to protect personal privacy.
Fowler (2019) believes that unless the Echo device’s microphone is muted (which contradicts its primary function) or unplugged, it is almost impossible to prevent Amazon from collecting these recordings. Bloomberg also found that the Amazon Alexa team has the right to access users’ home addresses, and some members of Alexa Data Services can even access the specific location information of recording devices (Day et al., 2019).
In addition to Amazon, Verheyden et al. (2019) found that subcontractors of Google also listen to and transcribe some recordings of Google Assistant, many of which are inadvertently recorded and may contain sensitive personal information. Apple, in order to improve Siri’s performance, also allows employees to analyze recordings, and recordings may be stored for up to two years. These facts are shocking and reflect the urgency and necessity of attention to personal privacy protection in smart home field.
Furthermore, since privacy policies are often lengthy documents, few users actually read them in full, often simply clicking the “Accept” button, making it easier for smart homes to collect more personal information.
“While people say they care deeply about privacy, their behavior seems to suggest otherwise.”
Francis and Francis (2017)
As Francis and Francis (2017) stated, “While people say they care deeply about privacy, their behavior seems to suggest otherwise.”
Smart home devices often require data storage and processing through cloud servers, during which users’ data is uploaded to the cloud. However, according to Herold (2020), many smart devices lack built-in security and privacy control mechanisms, unable to effectively protect the transmission of sensitive data, thereby exposing users to the risk of unauthorized access without their knowledge. For example, in December 2019, the database of camera manufacturer Wyze Labs was hacked, resulting in the personal information of approximately 2.4 million users being exposed. Some malicious actors may exploit this leaked data for identity theft, data tampering, and other malicious activities, adversely affecting personal privacy.
The Hazards of Personal and Home Security
The security issues of smart home devices cannot be ignored. Since smart home devices are usually connected to the internet, and the security of these devices is often low, with weak password strength. Many IoT devices, including some designed to enhance physical security, actually lack authentication or encryption functionality. This means potential attackers can directly connect to these devices without any security verification, bypassing any potential security vulnerabilities (Herold, 2020).
“I am nervous about IoT devices because their firmware is often outdated and full of unpatched vulnerabilities. However, for most homeowners, patching and updating these devices is often not their top priority.”
Senior Network Security Project Manager Eder Ribeiro
Many experts also express similar concerns. Senior Network Security Project Manager Eder Ribeiro said, “I am nervous about IoT devices because their firmware is often outdated and full of unpatched vulnerabilities. However, for most homeowners, patching and updating these devices is often not their top priority.” Data-driven defense advocate Roger Grimes stated, “Most IoT device manufacturers have not made serious efforts to protect their devices from hacker attacks” (Naprys, 2023). In other words, the negligence of consumers and manufacturers regarding smart home security issues collectively results in higher risks to home security.
Moreover, many smart home devices require Wi-Fi connection, which increases the risk of network attacks.
Denial of Service (DoS) attacks are a type of network attack where malicious actors disrupt the normal functioning of devices, rendering them unusable for their target users (Cloudflare, n.d.).
Hackers can exploit the Wi-Fi connection of smart home devices to launch DoS attacks. Once a device is compromised by hackers, they can further attack other devices through this compromised device, forming a chain of attacks. For example, in 2016, a botnet network called Mirai utilized default passwords on a large number of smart home devices to launch attacks, resulting in global internet service disruptions. In today’s reliance on networks, internet disruptions can lead to the paralysis of essential services, causing significant property damage and personal security issues.
Not only that, but intruders may exploit vulnerabilities in devices to invade home networks, thereby stealing personal information or compromising the security of family property. For example, the 2019 intrusion incident involving Ring, a smart home company’s cameras. In this incident, some users of their devices found their cameras invaded by unauthorized third parties, who remotely communicated with household members through the camera’s audio function(Figure 4). These invaders not only spied on activities inside the home but also attempted to extort users or engage in other malicious activities, adversely affecting personal and property security.
However, even after such hacker attacks, the company failed to adequately update its security measures. It even blamed users for the situation, citing insufficiently strong passwords (Paul, 2020).
This incident further fueled concerns about smart home devices, namely that some smart home devices may pose potential risks of remote control. Imagine if hackers targeted not cameras but the control system of smart door locks. They could unlock the door and break into the home, stealing sensitive information or personal property inside the home, and potentially posing serious threats to the personal security of family members, resulting in unforeseeable consequences.
Violation of Digital Rights
The compromise of personal privacy and home security will further lead to the infringement of people’s digital rights.
On the one hand, the data collection and processing of smart home devices may involve users’ sensitive personal information. If this information is misused or shared without the user’s consent, it will infringe on the user’s digital rights.
On the other hand, the use of smart home devices may require users to provide personal information or authorize access to certain data. People are often “forced” to agree in order to use the device or service. Flew (2021) argues that people find it difficult to understand these terms (moreover, they may change without notifying users), and it is also difficult to give free consent because it is almost impossible to use the service without agreeing to the terms. This also to some extent limits users’ digital rights.
Privacy Protection Measures and Responsibilities
While smart homes face challenges, we need not avoid using these devices but actively take measures to strengthen protection.
From a Personal Perspective
From a personal perspective, it’s crucial to develop self-awareness for protection upon understanding the threats smart homes pose to personal privacy.
Firstly, for each smart home device, use unique and hard-to-guess passwords. For example, using password management tools can help generate and remember complex passwords.
Secondly, enable two-factor authentication for smart home devices or services. This way, even if attackers know the password, they’ll need additional verification steps to log in.
Thirdly, software and firmware updates often include security patches and fixes for known vulnerabilities. Therefore, regularly checking and installing these updates is essential and should be a priority.
Finally, grant smart home devices only necessary access permissions. For instance, devices that don’t need internet connectivity shouldn’t be allowed to connect to the internet. Where possible, using a Virtual Private Network can enhance the security of data transmission.
Manufacturer Responsibilities
Manufacturers need to promptly release and push security updates to fix security vulnerabilities in their products. If situations unfavorable to consumers arise, proactive solutions should be provided. For example, manufacturers need to keep up-to-date with the latest encryption technologies to protect user data and ensure data security during transmission and storage.
Additionally, manufacturers need to clearly state how they collect, use, and protect user data. Users have the right to know how their data is used and decide whether to share it.
Role of Governments and Relevant Agencies
The IoT is a new popular trend, and currently, the protocols involved lack consistent standards.
Therefore, to ensure vendors take appropriate responsibilities, governments and regulatory bodies need to develop and continually update regulations concerning IoT regulation, using consistent standards to regulate the development, production, and sale of smart home devices and ensure the enforcement of these regulations. For example, security standards and certification processes for smart home devices could be established. Only devices that meet these standards and are certified should be allowed to be sold on the market to protect device security.
Besides, appropriate punitive measures should be taken against manufacturers and service providers who violate regulations. Situations where vendors shift responsibility and blame consumers need be avoided. For users who are harmed due to security or privacy issues with smart home devices, the government can provide legal assistance to help them uphold personal privacy and digital rights, enabling consumers to make purchases with confidence.
Conclusion
This article emphasizes the relationship between smart homes and personal privacy, security, and digital rights through case analysis and the necessity of taking measures. In the information age, smart home security and privacy protection are ongoing challenges that require the joint efforts of users, manufacturers, and relevant agencies. Through presenting feasible measures from various perspectives, I hope readers can better understand the impact of smart homes on personal privacy and security. This aims to raise awareness in this field and collectively establish a secure and reliable smart home environment.
Reference
Casquejo, T. F. (2020, September 23). Smart Home Technology and its Growing Popularity in Australia. https://www.laserco.com.au/media/smart-home-products-and-growing-popularity-in-australia
Cloudflare. (n.d.). Denial of service (DoS). In Cloudflare Learning Center. https://www.cloudflare.com/zh-cn/learning/ddos/glossary/denial-of-service/
Day, M., Turner, G., & Drozdiak, N. (2019, April 24). Amazon’s Alexa Team Can Access Users’ Home Addresses: Some members of Alexa Data Services see latitude and longitude. Bloomberg. https://www.bloomberg.com/news/articles/2019-04-24/amazon-s-alexa-reviewers-can-access-customers-home-addresses
Flew, Terry (2021). Regulating Platforms. Cambridge: Polity, pp. 72-79.
Fowler, G. A. (2019, May 6). Alexa has been eavesdropping on you this whole time. The Washington Post. https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/
Francis, L. P., and Francis, J. G. (2017). Privacy: What Everyone Needs to Know. Oxford: Oxford University Press.
Herold, R. (2020, January 28). Five Common Privacy Problems in an Era of Smart Devices. ISACA Now Blog. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/five-common-privacy-problems-in-an-era-of-smart-devices
Naprys, E. (2023, November 28). Cyber pros avoid smart devices: there is a good reason. CyberNews. https://cybernews.com/security/cyber-pros-made-me-think-twice-about-smart-home-devices/
Paul, K. (2020, December 24). Dozens sue Amazon’s Ring after camera hack leads to threats and racial slurs. The Guardian. https://www.theguardian.com/technology/2020/dec/23/amazon-ring-camera-hack-lawsuit-threats
Statista Research Department. (2023, November 15). Number of users of smart homes worldwide from 2019 to 2028. Statista. https://www.statista.com/forecasts/887613/number-of-smart-homes-in-the-smart-home-market-in-the-world
Thormundsson, B. (2024, January 10). Smart home – statistics & facts. Statista. https://www.statista.com/topics/2430/smart-homes/#topicOverview
Verheyden, T., Baert, D., Van Hee, L., & Van Den Heuvel, R. (2019, July 10). Google employees are eavesdropping, even in your living room, VRT NWS has discovered. VRT NWS. https://www.vrt.be/vrtnws/en/2019/07/10/google-employees-are-eavesdropping-even-in-flemish-living-rooms/
Warren, T. (2018, May 25). Amazon explains how Alexa recorded a private conversation and sent it to another user. The Verge. https://www.theverge.com/2018/5/24/17391898/amazon-alexa-private-conversation-recording-explanation
Wendzel, S., Zwanger, V., Meier, M., and Szlosarczyk, S. (2014). Envisioning Smart Building Botnets. In Proc. Sicherheit.
Be the first to comment