Smart Homes: Dream come true or privacy nightmare?


Copper Horse’s Mobile Security Intern, April Baracho looks at some data privacy issues for the Internet of Things in homes:


Smart homes are changing the way we live. More efficient power consumption and connected appliances that communicate with one another are increasingly becoming a reality in many homes. From door locks to thermostats to remote controlled lighting, every aspect of the way in which we interact with home appliances is changing. The key question: Is it for the better?


In many ways, our lives could be much easier. Waking up in a smart home might very likely mean that you have a pot of coffee brewing in your kitchen as soon as your alarm goes off. Your smart thermostat will adjust the room temperature as it senses you leaving your bedroom to conserve energy and you could even set your music player to play your favourite tunes as it detects you entering the shower.


The virtual holes in the walls of Smart Homes

Apart from offering enhanced usability and control, smart homes collect and analyse a lot of user data. Every new household appliance connected to the internet generates more data about the user’s patterns and behaviour creating yet another digital trail of personal details. This data is more than likely to be stored in some company’s servers and could easily fall into the wrong hands.


With increased connectivity comes an exponential increase in the threat surface. A case in point is the recent spate of hacks into home networks via internet facing devices installed in the home. Weakly secured baby monitors allow hackers undetected free access to their victims’ lives. Aside from this invasion of privacy, devices that transmit location data (for example over social media) could enable easy tracking of the physical location of the owner’s home. The ability to remotely view home data could be used to monitor user presence in the home as part of a burglary attempt. Public information of this sort is already used against celebrities. One example was the robbery of football pundit Ian Wright’s home in London whilst he was commentating in Brazil during the world cup. Additionally, once access to a smart object has been gained, there’s little to stop a hacker from gaining access to the rest of the home network. And many a time, this is the key goal of a hacker to begin with.


Collection of data by… who?

As appliances and wearables become more ingrained in our daily lives, it is important for users to be cognizant of what data they’re putting out there. As an owner of a smart refrigerator, one would be happy for it to print out a grocery list, but how would you feel if this data was also being shared with life insurance firms? It has been reported that this situation is not far from reality. Your shopping habits could have a huge impact on  insurance premiums. This shopping data is already collected and analysed by insurance firms to get an insight into your lifestyle and determine how much of a risk you pose so it is not unreasonable to expect them to enhance that data with information gained from the smart home. Data privacy laws tell us that personal data collection must be limited and not be shared with anyone without active user consent. Are these laws being adhered to then and is there an opt-out that we aren’t even aware of?


Just ignore the small print; it’ll be ok, right?

While transparency from a vendor is crucial, the onus is on the consumer to be mindful of what they are agreeing to. Not many of us really take the time to read the user license or privacy policy and companies know that. They want us to ignore the small print and just click ‘agree’. The other trick employed by an increasing number of technology companies is to deny access to a service at all if you don’t sign up to the entirety of the data usage terms. This leaves users with little to no option – if they want the online service, they have to handover their personal data, for as long as they own that product. There is a desperate need for balance to be restored this domain.


The path to privacy and user awareness is a long and winding road and certainly as complicated a matter as any in the adoption of the internet of things. Smart homes can bring us many benefits, but user uptake could be considerably harmed by companies playing fast and loose with private data which breaches the sanctity of our own homes. The dream might just be a waking nightmare.