What’s the connection? Smart devices were a bit late to the party when it comes to data privacy protections, and hackers, just as they are with attacking your web browsing, are increasingly clever. Still, for all the fears, there’s some basic advice everyone can and should do to protect themselves, and it’s not as scary as you think. Also, remember that, as with coronavirus, the basics protect you from most of the risks. That means that if you want to have IoT devices around, like smart speakers, a wiser route is going to be by shopping in Apple or Google’s walled gardens, and here we’ll break down their different approaches and product solutions in both realms.
Voice
Hanson also adds that you should turn off “one-click” style purchasing. It might be easier, she says, but it means a company is storing your credit card information, which always makes it more vulnerable. And if you just can’t live without that convenience, Hanson says then only register a credit, rather than debit card. That way your whole bank account can’t be fleeced in a data breach. As for search, Apple’s policy is that Siri commands aren’t just encrypted, but that they’re depersonalized, meaning there’s no IP address associated with the search that’s traceable back to you. The search isn’t stored on any server for Apple to release, so a query like asking about the five-day forecast won’t result in weather apps spamming you online. Apple and Google rely heavily on two-factor authentication (first a login, then a one-time PIN sent to your phone, etc.) for any action that might put either personal or data security at risk. For instance, Apple’s smart speaker, HomePod, as well as Apple TV and Siri on an iPhone or iPad, all allow voice control of other IoT devices, but they don’t allow voice control over physically unlocking a door, window, or disarming security (though you can lock a door, because it’s assumed you’re already indoors). For control of IoT physical locks and security devices in the Google sphere, the company ensures all devices have two-factor authentication.
Video
Both iOS 13 on iPhones and iPadOS on iPads allow you to use connected cameras from brands Logitech, Netatmo, and Eufy that don’t send content to the larger web. Instead, the captured content goes to iCloud, so you can view it remotely (after two-factor login), and then is erased after 10 days unless you download it. You can set these systems up to notice when your infant is crawling in her crib or a delivery person arrives, or to be specifically aware when your teenage child is back home, but the content isn’t accessible by anyone but you, and Apple cannot see it, either. You can also set up the Netatmo Smart Indoor Camera to ID (via facial recognition) in- and out-groups. If there’s someone in your home who shouldn’t be, the camera will fire you a shot/video of the person’s face. Google operates slightly differently around face identification for devices like Nest Hub Max, which is like a smart speaker and tablet in a single device, as well as for standalone Nest cameras. Google says Nest cameras use facial recognition to identify it’s you (or people within a group you’ve given certain permissions to) and then two-factor ID is used after that to use voice to control locks, alarms, etc. But none of this data is shared beyond your network. While your search settings on a web browser will allow some customized advertising, Google’s privacy commitments say that they will not sell/customize based on voice or recorded video content or home environment sensor readings. Possibly, according to Bergman, your data could be stolen, because old hardware was frequently hard coded with weak or zero security. Though Bergman thinks it’s far more likely your connected devices will be used for botnet attacks for larger cyber-theft operations. In that case, you’ll know because your web surfing and binge-watching will screech to a halt—and sadly, you’ll never know exactly why. So which routers do security experts dig? Ones that offer more control, for certain. The Eero, for instance, lets you see every single device that’s connected to your home network and control what it can and cannot communicate with. Set up the Eero to ping your phone if a new device tries to connect to your network and that way you’ll have additional control over random drive-by WiFi grifters. Nest WiFi works like Eero, in that it’s scalable, allowing you to add repeaters if you need to spread connectivity over a larger area. Like Eero, it also lets you see who’s online at any point, scheduling digital “timeouts” for your kids, as well as prevent them from surfing content that’s inappropriate. And you can guardrail which devices do and don’t have web access, too.