We can eliminate some security gaps in our smart household devices — here's how
Last week, after realizing that I had no idea what my partner had filled my house with — and how our security and privacy might be compromised — I took a deep dive into the Internet of Things (IoT) devices in my home. I found eight different smart devices that were spying on me to various degrees, from “actually not spying” to “now China knows everything about me.”
Those devices were:
This week, I figured it was time to actually close some of those security and privacy gaps. First step: Securing our home network. Your Wi-Fi router is the virtual entrance to your home, so ensuring it has a strong password is always the very first thing to do when you’re working on at-home security. You can also make sure your router has a firewall, which protects your home against everything from malware to hackers.
I also checked with my partner to make sure that our smart devices were on guest networks. This ensures that if one of them is compromised, it won’t act as an access point to everything else on our network. Each network needs to have its own name and own password, so that info gathered from them can’t be used on the others.
And speaking of passwords, I also checked to make sure that each device has its own unique password. According to previous research done by Avast and Stanford, using factory-assigned passwords is the cause of the most vulnerabilities for smart devices. So change your passwords, people!
Once all of that was tightened up, it was time to look at each individual device.
According to Vizio, they actually haven’t been collecting data on users since 2017, when they turned off Viewing Data collection. However, we got our TV in 2017 — and it was secondhand — so I decided to double check.
I went to Settings, then Rest & Admin, then Viewing Data. And guess what? It was still on! So I’m glad I double checked — and toggled it off. No more TV spying in this house!
I grouped these four together because I found in my research that they all had the same potential problem: Google likes collect data on people, even if their security is good. That means that in order to fix them, I need to go into my Google Privacy settings. Or, more accurately, I need to go into my partner’s Google Privacy settings.
But as much as he loves me, that man is not going to let me fiddle around in his Google account. (Boundaries are important, people!). So if he’s okay with Google collecting data on him through these devices, then who am I to argue?
However, let’s walk through how I would do this, if these smart devices were connected to my Google account.
If you want to see what your Google Assistant (which we have on our Sonos One, Google Nest Hub), and Google Chromecast has been collecting — and delete that data — go to https://myactivity.google.com/myactivity. From there, click on Web & App Activity. There’s a toggle there that lets you turn off either all of your Chrome history or any audio recordings or both. If you just want to turn off audio recordings, unclick the Chrome box and then hit the toggle button.
You can also set up Auto Delete for three, 18, or 36 months. And if you click on “Manage History,” it will bring you to a page where you can delete specific things you’ve done or all of them at once. It includes your search history and anything else you’ve done on a Google device or product, so you may want to filter by product if you want to keep history on certain products. (I personally like the recommendations made by Google search, but that’s up to you.)
You can also turn the microphone off on both the Sonos One and the Google Nest. (This is actually something I did awhile ago, because I was sick of triggering like five Google Assistants when I yelled “Hey Google.”) If the mic is off, the device can’t collect any audio and therefore can’t store it.
As I mentioned in the last article, my robot mop collects data on me — but I’m okay with it. IRobot is pretty good about privacy and not selling data and my robot mop is a treasured member of my household.
But if you want to delete your data (which you can only do if you delete your whole account and which makes it so you can’t use the mop anymore), you can go to My Account, then Privacy, then Delete My Data.
The Roborock vacuum, on the other hand, is sketchy. This is the only device that I’d actually prefer we didn’t have in our home, because I really don’t trust the parent company to use the information it gathers responsibly. We actually moved recently and haven’t used it since settling into our new place — and I’d like to keep it that way.
But, just in case, I made sure that the Roborock vacuum is connected to a guest network, which has a different password than our main network. That way it at least can’t compromise our main network (and everything else that’s on it) if there’s ever a security breach.
According to my research, there’s not really anything to worry about with the Eufy Smart Scale. A little bit more digging uncovered the fact that they delete all your data when and if you delete your account. No plans to do that just yet, but it’s nice to know for the future.
And that’s all she wrote! I now feel more educated about what’s in my own home and more secure living with all of these microphones, sensors and cameras. I didn’t break anything (that I know of), and I hope this helped you feel more secure in your smart home, too.
In order to protect our loved ones and our communities during the holiday season, we've put together a list of seven creative and heartfelt tips on how to host a virtual holiday this year.
This week's Privacy Refresh is all about Instagram. Here are a batch of daily tricks to protect your privacy while using this popular platform.
Reviewing Tanya Janca's "Alice and Bob Learn Application Security", which is both a crash course in app security for newbies as well as a refresher for those that have been doing the job for a few years.