This past holiday season, AI-powered devices like the Amazon Echo and Google Home were among the hottest gifts across any product category – a trend that speaks to the rising popularity and acceptance of smart home technology in the U.S. But as innocuous as it all seems on the surface, does a darker reality exist beneath the surface? Some would say yes – and that it’s only a matter of time before our smart homes become too smart for our own good.
Smart Home Tech Adoption Rates on the Rise
It’s estimated that the smart home market was worth around $24.1 billion in 2016. That number is anticipated to balloon to $53.45 billion by 2022, when 7 million households (or roughly 55 percent of all homes) will have smart speakers and other products installed in their living spaces.
According to a separate set of research, 54 percent of American consumers plan to purchase a smart home device of some sort within the next year. The majority of these consumers already own at least one smart home device and the only major barrier to purchase is price.
It stands to reason that, as tech companies reach economies of scale and prices drop to more reasonable figures, an already vibrant smart home industry will see a fresh infusion of activity. And once the majority of American households have smart home technology integrated into their homes, it’ll be too late to recognize and neutralize some of the less savory consequences that come with these connected devices.
It’s impossible to discuss smart home technology without touching on the issue of cybersecurity and all of the various consequences that come with it. It’s a serious topic that deserves serious attention.
According to Rambus, an estimated 80 percent of IoT devices are vulnerable to a wide range of cyber attacks. Connecting these devices – which most people do within the smart home – only amplifies the risk by creating a web that hackers can use to “enter” into homes and compromise privacy or steal data. Think of it like a line of dominos. Once one device is tripped, the rest can easily be knocked down as well. Device hijacking is one common method.
“These attacks are quite difficult to detect because the attacker does not change the basic functionality of the device. Moreover, it only takes one device to potentially re-infect all smart devices in the home,” Rambus explains. “For example, an attacker who initially compromises a thermostat can theoretically gain access to an entire network and remotely unlock a door or change the keypad PIN code to restrict entry.”
Other common cybersecurity threats within the smart home include man-in-the-middle attacks, distributed denial of service (DDoS), and Permanent Denial of Service (PDoS). These attacks can result in data theft, identity theft, and even a loss of physical privacy (when cameras and microphones are involved).
Speaking of microphones, this is one of the more significant worries when it comes to AI-assistants like the Amazon Echo or Google Home. These devices respond to cue words, like “Hey, Google” or “Alexa.” In order to pick up these cue words, the devices must always be listening. And while device manufacturers claim that nothing is recorded until the cue word is given, the veracity of these claims is hard to prove. Skepticism is at an all-time high and people wonder if they’re exchanging their privacy for novel conveniences like turning on a light without needing to stand up and manually flip the switch. Is it worth the risk?
Stories like this one, from a Portland woman named Danielle, raise a lot of questions. (There was an incident where a private conversation she had with her husband was emailed to a random work colleague.) Then there’s the recent report that teams of employees and contractors at Amazon are assigned to the daily task of listening to snippets of conversations – as many as 1,000 per shift – along with the customer’s name, device serial number, and Amazon account number. (Among the recordings employees have reviewed are a woman singing in the shower, a child screaming, and even a sexual assault.)
While Amazon and Google continue to spit out the same boilerplate releases about information being anonymous and recordings treated with high levels of confidentiality, there’s reason to be alarmed. In 2016, an Arkansas man arrested for the murder of a friend in his home had his Amazon Echo recordings subpoenaed by the police. The request for this data led to a significant court battle and shows just how close we may be to a “police state” where privacy – even in your own home – is no longer respected.
At this point, we simply don’t have enough evidence or history to know what the full effects of smart home technology and connected devices are. As devices become more functional, the unintended consequences will presumably increase.
For example, many newer ovens can actually be turned on remotely via a connected app. But what happens when nobody is home to check on the oven after it’s been turned on? What if a child placed a toy in the oven and it suddenly combusts? What if the homeowner gets a call from a friend to go out for dinner and forgets that the oven was turned on? Could smart ovens increase the risk of house fires?
Hypothetical situations like these might not be entirely likely, but they’re worth addressing. In fact, the unintended consequences may be the most dangerous. Homeowners don’t know to look for them, so they’ll never see them coming.
Finding the Appropriate Balance
Smart home technology isn’t evil – and it’s also here to stay. So the issue isn’t whether to ban devices or create tech-free bubbles. Instead, the challenge is finding the appropriate balance between technological convenience and security/privacy.
At this point in time, it isn’t clear what the appropriate balance is. There certainly needs to be greater transparency from the manufacturers and service providers on the device side of things. Greater accountability is also a necessity. But at the end of the day, it’s up to each homeowner to look out for his or her own best interests.
Published May 22, 2019 — 14:52 UTC