The Threat of IoT Spies: Real or Imagined?

Written by: Sam Chester

What is considered to be the first-ever “smart” device (a toaster that could be turned on and off via the Internet) was invented nearly 30 years ago in 1990. By 2008, the number of smart devices exceeded the number of people worldwide. Moreover, in 2017, the number of connected devices reached 10 billion. By the end of 2025, there are expected to be more than 64 billion IoT devices worldwide.

The possible rise of the robots is not the only problem people should worry about. The issue of privacy remains one of the biggest IoT threats. Here is the deal — When you are connected to everything, it is hard to protect all the devices simultaneously, and the chances your data will be compromised are increased. Once the smart device is hacked, your data can be intercepted. So, if an intruder manages to attack a smart TV with a camera and microphone embedded, they can watch and eavesdrop on a user without concern. And, such attacks are not uncommon.

What is the privacy challenge with IoT, and how big is it?

In 2018, the Mirai botnet showed that IoT devices are vulnerable not less, and sometimes more, than computers. The single botnet was able to amass an army of routers, cameras, toasters and even smart baby monitors to organize a large-scale DDoS attack. The fact is that hackers have realized that it is getting harder to gain access to people’s computers and desktop, so they are seeking alternative ways to get their data. The onrush of IoT technology gave them such an opportunity. Using the device’s loopholes, they can sneak into your coffee maker or vacuum cleaner to undermine your Internet safety. In addition, there have been a lot of malware created for IoT ecosystems including Tsunami, Hydra, Brickerbot, Gafgut, Psybot and others.

One of the biggest privacy problems with IoT is that the devices can collect, receive, store, analyze and transmit data without users’ consent. Some companies have never hidden the fact that “spying functionality” is embedded in their devices. For example, Google Nest Cam stores its users’ logs in the cloud for 30 days for further analysis. Actually, the entire IoT architecture is based on this spying capability. Your smart tracker knows where you are, your smart refrigerator and microwave identify what food you prefer, your memory card security camera knows what is going on near your place, your baby monitor can hear everything in your room, and your smart vacuum cleaner knows your home scheme. Is it even worth saying out loud that either intruders or advertisers can use the data for their own purposes?

Should we be worried?

In a bid to make their homes smarter, people often do not pay enough attention to the devices they install, like using cheap low-quality security cameras replete with loopholes in their operating system that hackers can easily benefit from. Have you ever heard of the Shodan? This service can monitor the Internet and collect data from insecure webcams and other connected devices. If a simple service is capable of this, an experienced hacker can easily penetrate a whole IoT network by exploiting the vulnerabilities of a cheap camera.

Devices with voice-activated control offer great opportunities for spying on users. Think, for instance, of Alexa, which is one of the most popular and controversial Amazon products. The voice assistant is a perfect example of what AI, machine learning and IoT tech are capable of when all together. With Alexa, you can surf the Internet, create to-do lists, play music, manage smart interior items, do online shopping, and so on. Recently, some users complained that the Echo was laughing creepily at random times. Amazon said that this bug occurred due to a simple misunderstanding — Alexa can mistakenly hear the phrase “Alexa, laugh”. Moreover, some customers guess that Alexa might listen to people’s private conversations and use the received data for its benefit.

In 2019, the incident related to Alexa’s helpful activity received widespread publicity. A woman in Portland discovered that her device had recorded a conversation with her husband and sent the recording to one of her husband’s colleagues. The fact is that Amazon has employed thousands of people who are responsible for listening to the recordings from Echo users to improve the comprehension skills of the device. Some of those employees have confessed that sometimes they come across stuff that might be specified as private.

Yes, there is definitely something we should worry about.

What are some best practices to make your IoT network more safe and secure? With the Internet of Things, privacy is still questionable. It is a complex matter that requires a serious approach. First of all, many cybersecurity experts consider those voice-activated devices as untrustworthy. If you cannot avoid buying such devices, at least turn them off whenever delicate and private information is shared or announced (good advice if you like to converse in whispers in your own home).

The first thing you should do to secure your IoT ecosystem is to go to your device settings and turn off all the features that may collect and analyze your data.

A great practice is a Virtual Private Network. A VPN technology creates an encrypted connection and allows us to protect all devices at once. The easiest way is to install a VPN on a router — even more so, the setting up and configuration on a router is a piece of cake.

Do you have any smart things in your house? Tell us how you protect your IoT network in the comments below. 

Sam Chester is a co-founder of, a website dedicated to online privacy and cybersecurity. His area of expertise includes data security and analytics, software, and Internet censorship

You May Also Like

About the Author: Contributor