Last month (Jan 2020), Google blocked Xiaomi devices from the its Google Assistant smart home platform after a Xiaomi smart camera was found inadvertently displaying video feeds of other Xiaomi users’ cameras on the Google Nest Hub smart display.

Just a month earlier, (Dec 2019) data belonging to over 2.4 million customers of United States security camera maker Wyze were exposed to the public.

The data leaked include customers’ email addresses and some of their health information linked to a test of a new smart scale product.

The rise of smart surveillance cameras and other connected devices (called Internet Of Things or IOT devices) has brought about a new convenience of connectivity for the modern consumers.

But are consumers paying a price for this convenience and if so, what can they do to protect themselves?

Setting up a security camera at home used to be the sole purview of uber geeks because of complex technical set ups.

Over the last few years, the modern smart camera is as simple as plug and play – connect the camera to the home Wi-Fi network and download the corresponding app to start your own remote surveillance.

Now, users can even use smart locks and doorbells as well as other IOT devices, all of which are relatively easy to configure and set up.

One of the reasons for this improved ease-of-use is that these modern smart devices connect directly with remote servers in a data centre managed by the IOT device manufacturers.

This bypasses the traditional command and control functions played by our humble home router.

We gain convenience because we avoid the complexities of setting up the home router. But this can come at the price of giving direct control over our devices to their manufacturer.

Removing the locks on your door means easier ingress, not only for the homeowner but also for the burglars.

And that is the exact situation that we are in now with the rise of these smart surveillance cameras.

It is no surprise that these smart home devices are often vulnerable. Many of these IOT makers are focusing primarily on price competitiveness and cool features, with security and privacy often an afterthought.

Another IOT security risk is the rise of the Google and Amazon smart home platforms which integrate their as well as third party products with Google Assistant and Amazon Echo respectively.

Most consumers trust that these behemoths will put effort into making sure that their own products are secure, but would they have the time and resources to also ensure that third-party IOT devices will also be safe?

As the Xiaomi camera bugs have shown, there are chinks in the armour.

In October last year, the Singapore Cyber Security Agency (CSA) and its Dutch counterpart released a 107-page joint study titled The IOT Security Landscape which called for local legislation and a global approach to IOT security.

While this is a great step forward, it will take some time before Singapore and other countries develop laws that can address this issue.

In the meantime, what can consumers like us do to protect ourselves? Below are some tips:

1. CHOOSE THE RIGHT BRANDS

The bigger brands are not invulnerable, but they would naturally pay more attention to security and privacy for fear of damaging their brand reputation. Newer players on the other hand would be more willing to cut corners to focus on business growth.

Until the IOT marketplace is better regulated, it is prudent for consumers to select their devices from more reputable brands.

2. USE DIFFERENT PASSWORDS

Many of us are guilty of this, using common passwords for all our different Internet accounts. Hackers can simply offer a free useful app, getting users to sign up with their email address and password. If you use the same password, then there is a good chance your accounts will be vulnerable.

The challenge of using different passwords is that we often cannot remember them. The good news is that there are many password managers available that automatically store your individual passwords, so you only need to remember one master password.

If you are using Google Chrome, Google has a built in password manager that lets you do exactly the same thing, and it even alerts you to change your password if the site you are logging into has been compromised.

But even these one-password services are not foolproof. If your master password gets compromised, you could end up losing all access to all your passwords.

3. CONSIDER A HOME NETWORK APPLIANCE

Internet security appliances for corporations have been around for the longest time. These were little boxes that companies installed on their premises to protect their corporate network against malware and digital intrusions.

For homes, we have largely depended on anti-virus software on our end point devices such as our personal computers and mobile phones.

Recently, companies have started launching home network security appliances which provides protection for all Internet-connected devices in your home at the home network level.

These products include Trend Micro Home Network Security and Fingbox. You simply need to connect one of these appliances to your router and all your smart devices connected to your home network will be monitored and protected. They aren’t foolproof, but it’s a start.

4. BE VIGILANT AND BE CLEVER

No amount of Internet security can protect users against social engineering. Don’t take calls from unknown numbers. Even caller IDs can now be easily spoofed.

When installing apps, check for the permissions that you are giving to them. You should be suspicious if an app that displays useful information is asking for access to your microphone or your messages.

Be especially careful about apps that ask for access to your messages because your phone is usually the second factor authentication for a lot of services, including Internet banking.

According to research agency Statista.com, the number of IOT devices is expected to grow fivefold from 15 billion in 2015 to 75 billion in 2025.

The proliferation of these connected devices will also bring about the creation of a vast amount of our personal data, which needs to be protected against hackers and evil doers.

More importantly, we will have to start thinking about privacy and security protection against machine learning and AI, which are capable of processing information billions of times faster than the human brain. 

ABOUT THE AUTHORS:

Oo Gin Lee is the founder of public relations firm GLOO and was previously technology editor at The Straits Times. Vignesa Moorthy is CEO of homegrown internet service provider ViewQwest.