Smart Spies

Your new appliances may be transmitting some very personal data, and you probably don’t even know about it.

popularity

I recently penned a blog about the Stingray tracker, a device that intercepts communications from cell phones by simulating a cell tower. Basically, it is an eavesdropping-type of application and used by security agencies (so far).

Now, I hear about another eavesdropping activity. This time is wasn’t for national security but for consumer marketing and data mining.

Here is the story: Jason Huntley, an ICT consultant who lives in the U.K., accidently discovered that smart TVs from LG Electronics were, clandestinely, transmitting information back to LG servers without notification, or the possibility to opt-out. The data included private media files (amongst other things) stored on USB devices at the location where they were installed and networked.

This is interesting, but hardly surprising. These things just keep popping to the surface. Anyone who has any involvement in high tech, today, has to know this is possible, and likely occurring more than one would like to believe.

Now, Nielsen been doing something similar, forever. But here is the difference. Nielsen gets permission. And there is no sneaky, subversive way in which they do it. All the cards are on the table with their data collection. They don’t collect anything except what you are watching on TV. Your network is still sacred (at least, as far as I know). And, most importantly, you are in control and can stop being part of their group at any time.

Not so, on any account with this LG scheme. What they are doing is completely under the table. They have full control, you have none!

So, exactly how can they do this? Because of the IoT. Yes, this is a harbinger of what ubiquitous interconnect will bring. And it is only the beginning. Since it is already happening, with the IoT in its infancy, imagine how deep the well of such invasions can be once the IoT has some girth. It also demonstrations how important it will be to establish some sort of policies, rules, and regulation – on all levels.

It is easy to extrapolate how this can be used by unscrupulous individuals and businesses to take a real-time biopic of everything you do! Essentially, your smart TV is plugged into your network, along with every smart appliance in your environment. If a TV can do this, why not a refrigerator, or a home security system, your desktop computer and mobile devices, or even your smart doorbell.

In Huntley’s case, his children’s names were being transmitted in the name of a Christmas video file that his family had watched on a USB device. He said that “information appears to be sent back unencrypted and in the clear to LG.”

So what if companies want to do things like punish customers who wish to retain their privacy by crippling their smart devices – even months after they had been purchased, and without any forewarning.

And, unlike Facebook and other apps where an opt-out simply drops the applications and the user is free to select some other app, software can be cryptographically locked into smart devices. So even if you opt-out, the hardware can still affect the device’s functionality. And there is more, but a lot of this is covered in Huntley’s blog if the reader is interested.

The problem is that, without some sort of regulation, this type of underhanded activity will rule the IoT. And not just you and me, but businesses, governments, infrastructures, financial markets, medical, all the way down to neighbor on neighbor.

Everybody needs to get a handle on the risks before the IoT becomes the pervasive interconnect of everything. This shows to what desperate lows a business, and others, can sink if left to its own devices.

Even so, there is a bright side. As Huntley so aptly points out, smart minds will realize an opportunity at hand – privacy protection to thwart such obnoxious policies. A new generation of user-friendly data transmission detectors, signal scramblers, mods, advanced filters, code disruptors (a new kind of anti-virus aimed at manufacturers’ coding) and other means for consumers to protect themselves from the items they own.