There are currently nearly 19 billion smart devices worldwide. From robot vaccum cleaners and smart refrigerators to internet-connected baby monitors and countertop appliances, it can feel as if everything in your home is linked to WiFi. Today WIRED does a deep dive into the security of smart devices—and the pros and cons of welcoming them into your home.
Director: Efrat Kashai
Director of Photography: Constantine Economides
Editor: Matthew Colby
Host: Andrew Couts
Guest: Julian Chokkattu
Line Producer: Jamie Rasmussen
Associate Producer: Paul Gulyas
Production Manager: Peter Brunette
Production Coordinator: Rhyan Lark
Camera Operator: Lucas Young
Gaffer: Niklas Moller
Sound Mixer: Rebecca O'Neill
Production Assistant: Shanti Cuizon-Burden
Post Production Supervisor: Christian Olguin
Post Production Coordinator: Stella Shortino
Supervising Editor: Erica DeLeo
Assistant Editor: Billy Ward
Director: Efrat Kashai
Director of Photography: Constantine Economides
Editor: Matthew Colby
Host: Andrew Couts
Guest: Julian Chokkattu
Line Producer: Jamie Rasmussen
Associate Producer: Paul Gulyas
Production Manager: Peter Brunette
Production Coordinator: Rhyan Lark
Camera Operator: Lucas Young
Gaffer: Niklas Moller
Sound Mixer: Rebecca O'Neill
Production Assistant: Shanti Cuizon-Burden
Post Production Supervisor: Christian Olguin
Post Production Coordinator: Stella Shortino
Supervising Editor: Erica DeLeo
Assistant Editor: Billy Ward
Category
🤖
TechTranscript
00:00There are currently nearly 19 billion smart devices worldwide.
00:03Chances are, you probably have one in your home.
00:05From robot vacuum cleaners, to smart refrigerators, to security cameras and baby monitors, internet-connected
00:11air fryers.
00:12Having everything in your home connected to Wi-Fi just means there's so much more risk
00:16of hacking and attacks and your data essentially just being exposed through people who want it.
00:22Today, we'll do a deep dive into the security of smart home devices, and we'll chat with
00:26Wired Senior Review Editor Julian Shikatu to discuss the pros and cons of bringing smart
00:31devices into your home.
00:33This is Incognito Mode.
00:38One of the most convenient smart devices out there is robot vacuums.
00:42What am I kind of opening myself up to when I put one of these devices in my house?
00:46You know, you have this robot that's going around your entire home and it creates an entire
00:51map of your home.
00:52The convenience is that you can then say, hey, can you go clean the kitchen specifically?
00:56But that is data that's stored by the company and you would want to check how that data
01:00is stored.
01:01A few years ago, it was reported that images leaked from an iRobot vacuum cleaner, such
01:05as a woman sitting on a toilet, were sent to a third party for labeling and testing.
01:09But eventually, they made their way onto Discord and even Facebook.
01:12From that leak, we know that iRobot was capturing images not just to map out the house, but also
01:16to identify everything in the house, such as a vase or a couch.
01:20This is a prime example of how the data that these companies collect can be used in ways
01:24that you might not expect.
01:26You definitely, I think, would want to just avoid using a camera-based system just because
01:29it does open up the risk of it capturing the actual mapping data of your home.
01:34Yeah, absolutely.
01:35I mean, I can imagine how a robot vacuum company would sell that data to marketers for home decor
01:42or, you know, couches and things like that.
01:44Nowadays, some companies are using LiDAR to map out your home rather than a camera on
01:49it so that the robot vacuum knows where to go.
01:51How's the technology evolving?
01:53Is there anything new that you're seeing coming out?
01:55Yeah.
01:56This past CES, actually, there was a company that basically debuted a robot vacuum that
02:01has a little arm that comes out.
02:03Well, the camera on the actual robot vacuum can detect socks, for example, and it has the
02:08capability to go over to them, grab it, and put them in a specific area so that it's not
02:12disrupting the flow of the robot vacuum as it cleans your home.
02:15There was also something about potentially a little laser pointer that could help entertain
02:19the cat so that the cat's not disturbing it.
02:21You can then theoretically also imagine what other things are going to be coming to that
02:25sort of a type of a device that roams your house, right?
02:28Some new ones are trying to do stair climbing capabilities so that they can go upstairs so
02:33that you don't have to physically move your vacuum up and down.
02:36It has that potential to sort of be that futuristic AI butler that maybe we've seen in shows
02:42in the past.
02:43That also, obviously, is going to open that category up to a little more scrutiny in terms
02:47of what exactly it's capable of, and if it can pick up a sock, maybe it can pick up a
02:51knife.
02:52The dream of having a robot butler is potentially coming true.
02:55We're just going to have to sacrifice our security and potentially our privacy to get
02:59that future.
03:00I think that was a given, though, in general, from all the sci-fi robot butlers that we've
03:04seen.
03:05I'm sorry, Dave.
03:06I'm afraid I can't do that.
03:12Smart TVs are doing a lot more than just playing your favorite movies and shows.
03:17They're also collecting a massive amount of information.
03:20Many TVs nowadays include something called Automatic Content Recognition, or ACR.
03:24Researchers found that some ACR systems capture 48,000 snapshots of what you're watching
03:29per second.
03:30Yeah, I think today it's probably very hard to find a very high-end TV with no smart features.
03:36By default, most TVs today have those streaming apps built in and some casting capabilities
03:41as well.
03:42They're also more comprehensive in how they're tracking what you watch and the data that they're
03:48collecting.
03:49Taking snapshots of what you're watching all the time.
03:50I mean, I understand why the companies would want to do that, but I don't understand how that
03:54really benefits me at all.
03:55So, in general, TVs are becoming more and more of an ad platform, even though you might
04:01think that cutting the cable cord was all about getting away from advertisements.
04:06That's all sort of coming back, like more streaming platforms than ever now have some
04:10type of an ad tier that's slightly cheaper, if not free.
04:13But of course, there's like a separate part of it, whether they're sharing that data with
04:16third parties so that Netflix can understand and know that like, oh, people liked this.
04:21They're actually watching this.
04:22That's something that companies want that data in terms of just who is watching what
04:26and for how long and what you're doing on your TV in general.
04:29ECR might even work with dumbed-down devices, so it's not even just connecting a streaming
04:35sticker, for example, or using an app.
04:37It's connecting a Blu-ray player and putting in a DVD.
04:39You might think that might be completely fine and offline, but apparently the company might
04:44still know that you were watching Titanic for the 15th time on DVD.
04:48What are some ways to make sure that your data is protected if you do have one in your house?
04:52You might be able to, I think, delete your advertising profile so that they don't have like a visual
04:57understanding of what it is, who you are in terms of your tastes and the ads that they
05:01want served to you.
05:02But a lot of that is also somewhat hidden and not the most obvious places.
05:06Always, you know, it's something I do a lot.
05:08I hop into the settings of almost everything I test and just take a look at what capabilities
05:12are there, what features are there, but also, you know, what permissions does this service need?
05:17I'm a tech journalist and I still find menus on my TV to be kind of baffling and you might
05:22not know that's even there or that's even an option or that this data is being collected
05:27in the first place.
05:28It's worth going through those settings and definitely trying to make sure that you're
05:31understanding at least what it is that it's collecting about you.
05:33So the voice assistants, they're always listening.
05:38The mic input is on, but they only start recording once it thinks it's heard a wake word and then
05:44that audio is captured.
05:45A large part of these voice assistants on these smart speakers is connecting to other smart
05:51home devices, right?
05:52So the whole purpose behind them was if I'm going to get smart shades or if I'm going to
05:57get a security camera or a smart thermostat, I can just say, hey, set the thermostat to 60
06:0268 or, hey, can you close the shades in the bedroom?
06:05But obviously you've invited a thing that is constantly listening.
06:10Yeah.
06:11It's one that I really struggle with because it is so convenient and, you know, especially
06:15if you're a person with mobility issues, it allows you to do things you might not otherwise
06:19be able to do, but it really creeps me out.
06:21I had one for a while and I decided after it stopped working to just not try to make it
06:26work anymore.
06:27And there are some things you could do, like there are usually physical mic switches on
06:32these smart speakers that allow you to turn off the mics when they're just not in use.
06:36But then it kind of goes against the whole purpose of like being able to just quickly
06:39ask a question if you have to go to the device and turn on the mic.
06:42But it's just what you're willing to accept in terms of security.
06:45Even if you had certain privacy protections when you bought a smart speaker, like an Amazon Echo,
06:50you don't necessarily know if those protections are going to change.
06:52For example, Amazon updated its terms of service so that users of its Echo devices can no longer
06:58opt out of sending their voice recordings to the company.
07:00It might not seem like there's been a lot happening in this space, but there's actually
07:04now going to be another bit of a wave, I think, in terms of these devices, because
07:10now it's all about incorporating artificial intelligence.
07:13For example, Google is upgrading a lot of its Nest products with Gemini, its large language
07:19model, so that it can understand things like the ability to recognize a FedEx driver coming up to
07:24your doorway and then you later on asking, hey, did FedEx come by today?
07:28Because large language models have large data sets that they can train on, they're now capable of
07:33that more natural, free-flowing conversation, which might mean that there are going to be new
07:38devices that people might want to upgrade to, or those capabilities might come to older devices.
07:43That's a perfect example of how these risks can be introduced when you get a device.
07:49Like, you might be getting a device with certain features in certain settings, and then things change,
07:53or the company gets sold, and you don't necessarily have control over your data in those situations.
07:59You know, if you have an older Alexa device and you don't want your recordings being sent to Amazon,
08:04you basically just have to decide whether you're going to keep that device and keep using it at all.
08:08Smart locks, the selling point is you don't have to necessarily carry your key, although I highly recommend
08:16if you have a smart lock to still carry your keys because they rely on batteries.
08:20You can even share your passcodes with family and friends so that they can enter your home if you're away,
08:25they need to check on a dog, but there are more risks because now you've put the keys to your home
08:31in a digital platform and that, you know, that just might not be great from a security standpoint.
08:37If something does get hacked, someone could theoretically enter your home,
08:41or at least capture, like if your smart lock has a camera on it or a microphone,
08:46it could capture some data from that as well.
08:48It's kind of ironic that something that's like literally for security could then be less secure
08:53just because you're adding these more convenient features.
08:56Yeah, I mean, a lot of locks have the ability to auto-unlock as you approach
09:01and that most of the time relies on your phone's location,
09:05which means when you enter a specific area of your geofenced area of your home, the door will unlock.
09:11That, I feel like, to me at least, seems like a potential data point that someone would love to have
09:15if they wanted to target you specifically.
09:18There are some security standards you can probably look for.
09:21Are they following AES 128-bit encryption?
09:24Is the app two-factor authenticated?
09:27How physically capable it is as a lock, whether it's a retrofit over your existing deadbolt
09:32so it might not change the entire hardware?
09:34That might be better than something that completely replaces your hardware,
09:37especially if it's from a company that doesn't have a history of making locks,
09:40but also making sure that the company has a good track record in following best practices to keep your data secure.
09:46Another issue that kind of applies to all these smart devices is them going out of date
09:51and just not getting firmware updates, and then you need to replace the whole thing.
09:55Once you've installed a lock, you're not going to go out and install another one anytime soon,
10:00or you hope that you don't have to.
10:02Yeah, and a lot of capabilities are usually updated through the app itself,
10:05but obviously, as you said, it's one thing to make sure that, you know,
10:08especially if it's been 10 years or so since you installed a smart lock,
10:12probably just check that there are security updates still being issued.
10:15Do companies stop issuing software updates or security patches because there's some good reason for that,
10:22or are they just trying to get you to buy another one of the products?
10:24I mean, I think companies have it in their power, especially big companies,
10:29to offer significantly longer software update cycles for, you know, these kinds of devices.
10:35Whether there's also an element of planned obsolescence and they want you to upgrade to the next thing,
10:40I'm sure that is definitely also a big part of it.
10:43That's kind of why we encourage people to look at some of the bigger brands,
10:47because if anyone is going to at least support a product for something like a decade,
10:52it's probably the company that has those resources.
10:55Definitely, we could stand to ask and force companies to require that some of these products,
11:00that especially you don't expect to change that often should get support cycles that reflect that.
11:10Companies are sort of pitching, again, convenience in terms of a Samsung SmartFidge might have a display on the outside that's basically a tablet,
11:18and you might be able to leave sticky notes for everyone in the house,
11:21or you might be able to even play YouTube videos to follow recipes along.
11:25But also in the inside, they could have cameras,
11:27and cameras can be used to detect the types of things that are inside your fridge,
11:31that you can even look at remotely into your fridge.
11:35Like here, when I need to check the milk situation.
11:38And it's true, some of that is convenient,
11:40but especially with something like their family hub line of refrigerators,
11:43where there's a display on the outside,
11:45you have to know that like you're probably going to have to sign in.
11:48YouTube, Instagram, whatever it is you want to have on this like essentially a tablet display,
11:54all of that is now under the protection of what this fridge brand is doing to keep your data secure.
12:00You make a really great point about it being another point of failure
12:03and just kind of introducing complexity into your life and thus risk,
12:08because it's designed, it can be hacked.
12:10Yeah, I don't think there's a lot of people that are going to hack your fridge
12:13and look at what is in your fridge, but it does mean they might get other compromising information from you, right?
12:19It's not just big appliances like refrigerators and stoves that are connected to the internet.
12:23It's almost everything from coffee makers to toasters to even air fryers.
12:28One report found that some air fryers were automatically collecting personal data
12:32and sending it back to the company.
12:33Others were asking for things like gender and date of birth.
12:36There's a whole other side to it as well in terms of like repairability and long term durability of if there's a screen
12:42and there's a screen is the only way for you to, you know, interact with your oven.
12:46What happens if you accidentally drop a cast iron pan on it and now it's broken
12:50and now you can't really configure your oven or you can't interact with it.
12:54Now you have to spend that money to get it repaired.
12:56It's going to be more expensive.
12:57And also in terms of just, you know, how long it's supported for over time if a particular feature breaks
13:02and the only way to interact with it is through the software.
13:05But there's a glitch and a company is not going to update it anymore.
13:08Now you have fewer options in what you can actually do outside of just dumping that entire smart oven.
13:17Security cameras obviously have to be recording.
13:20Usually companies offer some type of a cloud based plan where you can store video data for 30 days, for example.
13:28And after that it's deleted.
13:29Some security cameras also let you record directly to local storage.
13:33Although there have been certain incidents where what was promised as local storage ended up also accidentally going to over to the cloud.
13:40You also do want to make sure any video that is sent over to the cloud for, for example, the convenience of being able to look at your footage from a remote location
13:49when you're not home that it's encrypted so that people can't just look at your streams.
13:53Storing the footage locally is definitely better for privacy.
13:57But it's also you have to have the technical know how to secure that storage.
14:02If somebody did want to target you for some reason, then they would be able to potentially gain access to hundreds of hours of footage of your family or whatever you've pointed the camera at.
14:10Right. Nowadays, security cameras aren't just also cameras.
14:14They have algorithms and facial recognition features.
14:17So there's that other aspect of the data that they're collecting.
14:20You know, now a big new thing that a lot of these companies are trying to pivot to is using artificial intelligence so that, you know, you can just ask your Google Home app or your Alexa.
14:29Hey, did FedEx come by today?
14:31And it'll have understood what is a FedEx employee, what they generally look like, what the clothes they wear is if they're holding a package.
14:37And you can even ask things like, is there a package for me at the front door?
14:41You can even add people's names if you really want in terms of like, oh, that's my wife.
14:46Brittany is at the front door.
14:48I didn't know that they are building facial recognition and image recognition into these home devices that extensively.
14:55And that's quite frankly terrifying.
14:57Yeah, I mean, a lot of that, I believe, is completely on device and local.
15:00So I don't think that information is being shared.
15:03The idea is that because a lot of them will say person detected, right?
15:06They have person detection, animal detection.
15:08Instead of just getting these arbitrary person detected, which might not provide you much value, it might be more helpful if it says XYZ came up to your front door and that person's a friend.
15:18I think that's a really great example of how these privacy erosions happen.
15:22A company builds in a new feature that solves like a minor problem or makes it, you know, 10% better.
15:29But then you've introduced this new acceptance of just having facial recognition everywhere.
15:33And everyone is then just like, yeah, that's just how cameras work.
15:36It's just that becomes the norm.
15:38So Ring is another big part of all of this.
15:41They weaponized in some ways their video doorbells and security cameras by sharing information and footage with local police departments in the past.
15:50That's really how Ring was built was by going to local police departments, giving them the ability to offer people in their community deals
15:58through the police department to buy Ring cameras.
16:00And then in turn, Ring had really close relationships with police.
16:04They had a specific feature that allowed somebody to share their footage directly with the police department.
16:10Solving crime is great.
16:11Nobody wants crime.
16:12The issue is that it really rapidly indoctrinated people to just constant corporate surveillance.
16:19I worked on one investigation several years ago where we were able to map every Ring camera in a specific area.
16:25And we were able to see like if a child is going to walk to school, they're going to pass 75 Ring cameras and they're going to be just subjected to this surveillance.
16:34And that data is collected by a corporation.
16:36Ring is owned by Amazon.
16:37And, you know, we don't know necessarily what that footage is going to be used for.
16:42And I think it's more just becoming comfortable with making constant surveillance the norm.
16:51The convenience of that Wi-Fi capability in baby monitors is basically the ability to remotely look at and monitor your baby.
16:58Even if you're not at home, like if you have a nanny taking care of the baby, you can check on the baby yourself if you're away.
17:04But obviously all of that introduces all of these potentials for violating your privacy.
17:09There was a story of like a woman who found that there was some stranger whispering through her baby monitor.
17:16And that's that's terrifying. That's creepy.
17:18So while security cameras and baby monitors are very similar in terms of their functionality, there's some reporting that shows even the best Wi-Fi connected baby monitors are less secure than regular security cameras.
17:28You know, a lot of times you see companies that make something that's not historically Wi-Fi connected and they start adding in those capabilities.
17:36They just don't have the team that knows how to add the security measures.
17:39And so they just haven't invested in security as the top priority as they add new features or new capabilities.
17:45A lot of these smart home devices, especially something like a baby camera, like when you're setting it up, you would want to make sure that there is a two factor authenticated method of signing in securely.
17:54So that even if your password is compromised, a threat actor can't hop in and just willingly access everything.
18:01They would need a secondary device for you to authenticate that it is you.
18:05That should apply to every device or app that you can possibly add to factor two. Definitely do that.
18:10You know, I'd say it's one of those situations where you kind of really have to look at the risk versus reward.
18:16And I think taking the steps to make sure your baby cam is as secure as possible is really imperative because it's monitoring the most sensitive and precious thing in your life.
18:25Smart thermostats are great. They can lower your energy bill and tell you if something's wrong in your HVAC system.
18:33But they also collect a ton of sensitive data, like when you go to sleep, when you're away from home.
18:38If that information is accessed by hackers, that could tell someone when they should break into your house.
18:42It's also probably being collected for advertising purposes.
18:45What coffee company wouldn't love to know exactly when you wake up to serve you an ad for their brand of brew?
18:50You know, the convenience is that you can set your temperature from wherever you are. You don't have to go to the product itself.
18:56You can even have functionality like understanding when you're not home and it'll then automatically lower temperatures or maybe even turn off certain systems so that you're not wasting energy.
19:06Some of that is based on location data with your phone, maybe.
19:09For example, I think Google's Nest thermostat now has radar in it.
19:13So it understands when you're approaching it, the device lights up with all the information.
19:17There are smart thermostats that have voice assistants built in, like Alexa, for example.
19:22But I think it might be good practice to just let that be handled by an actual hub or something else and let your smart thermostat just not have a microphone or a camera.
19:33The benefits outweigh kind of the risks, I think, for me with this one, except for the fact that they are another entry point for a hacker to gain access to your network.
19:41I would say buy the ones that have the fewer features, don't have the microphones, don't have voice assistants.
19:48Making them as simple as possible while still getting the benefits of having a smart thermostat is probably the way to go.
19:55A router is not really a smart device.
19:59It's just the thing that everything in your home is going to connect to.
20:02Routers are one of the most attacked devices because they serve as a gateway to the rest of your network.
20:06They're also really low hanging fruit.
20:08Most people don't change the default password and so hackers are able to get that information or crack those passwords and get into your network.
20:14If a hacker gets into your Wi-Fi, they can see anything that's connecting to the internet attached to your network, potentially collect unencrypted communications, and they may be able to gain access to the devices and the data that your devices are collecting.
20:26So studies show that most people don't change the password on their routers.
20:30What really is the worst case scenario in that situation?
20:32I'd say the worst case scenario is that someone gains persistent access to your network.
20:37Those devices and potentially any data that those devices are collecting or monitor you in the way that you're monitoring yourself.
20:45Routers are kind of the window into your home.
20:48Usually it's you looking through that window by your smart fridge app or your smart toaster or whatever it might be.
20:54In this case, the router is the entry point for anybody who is trying to gain access to your network to gain access.
21:01And so that's why the security of your router is just as important as anything else, if not more important.
21:06So one of the issues with routers is that you have to replace them occasionally.
21:10Can you tell me why that is like, why would I have to trade in for a new router?
21:14There's no law that says, hey, a router should be updated or kept updated for 10 years.
21:19There is a story of like, you know, Wi-Fi itself.
21:22There's new versions coming every few years.
21:24So right now the latest generation is Wi-Fi 7.
21:26So there are better security protocols in Wi-Fi 7 versus Wi-Fi 5, right?
21:32So there are genuine reasons that you would want to stay on the latest hardware.
21:36And while newer routers are backwards compatible with older Wi-Fi standards,
21:41you won't be able to access those improved security measures without actually upgrading to a Wi-Fi 7 router, for example.
21:48If you're looking to buy a smart device and you are thinking about your privacy and security,
21:55what's some advice you have for people for what to look for or what to avoid?
21:58You probably want to stick to some well-known established brands.
22:02They have a better tracker here than the resources to have a security team,
22:06to have security practices and follow the best approach.
22:09Being able to patch and quickly update devices if there is a security breach.
22:14It's not about if your company's product gets, you know, hacked.
22:18It's about when.
22:19And one other thing you could also do is, you know, when you're shopping for a device,
22:23do you really need X feature, right?
22:26Like checking to see if your robot vacuum has LiDAR, for example, which is what cars use,
22:31rather than a camera on it, a security camera.
22:34Should you buy one with a privacy shutter so that you don't have to keep unplugging it every time?
22:39Look at all the features that the product provides.
22:41If there's a genuine need for something like that Wi-Fi connectivity, which it enables,
22:46then is there a way to at least mitigate that type of risk by opting for technology that is a little more privacy friendly?
22:53Here are six things you can do right now to make your home more safe if you use smart devices.
22:59First, use a strong password and definitely make sure you're not using the default password that comes with your device.
23:05Make sure you turn on two factor or multi-factor authentication whenever available.
23:09Always make sure your software is up to date on both your companion apps and on the devices themselves.
23:14Make sure your router is secure.
23:15That means changing the password, changing the network name,
23:18and upgrading the connection to be encrypted if possible.
23:21Do your research, make sure you're getting them from a reputable company
23:24that has a good track record with handling your data and dealing with data breaches.
23:28Set up separate Wi-Fi networks.
23:30That way, your laptop and other sensitive devices are not connected to the same network as all your smart devices.
23:36This was Incognito Mode. Until next time.