Google has admitted a breach of more than 1,000 customer conversations recorded by its Google Assistant smart home devices.
Leaked to Belgian news site VRT, the conversations are collected by smart assistant manufacturers like Google and Amazon to improve the accuracy and responsiveness of their devices – but they are meant to stay confidential.
VRT said that a contractor provided it with some of the recordings, which journalists were able to use to identify some of the people in the clips. VRT also examined what kinds of conversations were being stored when people say “OK Google,” to activate voice commands in a Google Home product or Android smart phone.
Among other things, VRT says it heard customer addresses, people talking about medical conditions, and in at least one case a recording of a woman in distress.
Smart home. Vulnerable home.
While it may be convenient to remotely check your thermostat or see the back garden security camera from a smartphone, many cases have been documented where smart home devices like alarms, locks, and even baby monitors have been hacked.
Researchers have found that even smart home security devices like doorbells, locks, and smart cameras could be easily breached.
Smart home systems are typically managed from a central hub. Having access to someone’s hub account could allow a criminal to spy on potential victims, see their schedules, or view security video feeds.
Thieves could tamper with smart electric plugs, HVACs, or thermostats to spike energy usage or potentially disable some devices. Or they could simply plan their robberies when they know people are likely to be out.
There are a range of things you can do to secure your smart home. Some of them require new equipment but most are fixes you can make yourself.
Here are some of the top options:
USE THE BUILT-IN PRIVACY FEATURES
Deleting your Google Assistant voice history is fairly straightforward. If the Google leak worries you, follow the instructions here and wipe the slate clean.
If you’re an Amazon smart home customer you should know that it also stores clips of voice recordings when you activate Alexa, and has a team of human analysts that analyse clips to detect patterns and improve the service.
You can stop Alexa from using the clips and also delete your past recordings.
DO SOME HOMEWORK
Smart home devices are still a relatively new technology category and a multitude of vendors have jumped in, many competing mainly on price with better-known brands. Given the kind of vulnerabilities you could be introducing into your home, it’s important to know if the company has a reputation for security – for example, updates its software frequently enough to protect against known threats.
‘TRUST’ BRANDS YOU KNOW
While we wouldn’t recommend spending more than you have to, at this early stage in the smart home market’s development, sticking with well-known brands can minimise the possibility of issues later on.
Google, Amazon, and Apple all have security problems of their own— but they also add physical mute buttons, for example to devices with a listening capability, and these can’t be bypassed easily.
TIDY UP HOME NETWORK SECURITY SETTINGS
If your home router can accommodate it, try setting up a dedicated WiFi network just for your smart devices. It will ensure that any network traffic associated with smart home devices moves through a line that’s separate from the one you use for smart phone and PCs.
KNOW WHAT YOUR RIGHTS AND OBLIGATIONS ARE
No one likes wading through the legalese of computing end-user agreements, but at least take a look at the terms you’re signing up to before connecting a new device to your network. Of course you have very little influence over you’re agreeing to, but you can compare other customer experiences. Google to find out, for example, if someone has already tried to find out what and where customer data is stored.
REVIEW YOUR PASSWORDS
Many smart home devices come pre-programmed with default passwords – which can be a gift to cybercriminals. Manufacturers do this so they can easily access the device remotely in order to apply software and firmware upgrades, but if an attacker gets hold of it, they can configure a device to their own ends.
Always change the default password on any smart home device you purchase. Use a strong password that can’t be easily guessed.
Be smart about smart devices
Juniper Research says there will be 8 billion voice assistants in use by 2023. Smart devices and systems are clearly becoming more popular.
As long as you take a few precautions, your smart home doesn’t have to be haunted by cyber spooks.
And there are additional steps you can take. Home security add-ons like Bitdefender‘s Boxcan monitor the web coming in to smart devices. They look for possible attacks and alert you if any new device or user attempts to access your network, and help block potential intrusions.
Another trick is to wait until the smart home gadget you want is in second or third generation. Going through a few iterations helps tech companies identify problems and smooth out any wrinkles.
Looking to raise awareness of cyber-security matters that directly affect your employees? Help your employees stay safe in the fight against cyber-crime – sign up for a free security awareness training demo, today. We help employees address the risks both at work but, crucially, in their home life too.