Smart TVs, security cameras, smart thermostats, smart plugs, smart doorbells, Alexa Echo, Google Home. All of these are capable of collecting data from your home (network traffic, connected devices, shared files, image, voice, video, etc.), and capable of sending data out to anywhere over the Internet, uninhibited.
Earlier this year, a conversation between a husband and wife in the privacy of their home was recorded by Amazon Alexa and sent to a random person in the family’s contact list. This was how Amazon explained the incident:
“Echo woke up due to a word in background conversation sounding like ‘Alexa.’ Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud ‘To whom?’ At which point, the background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, ‘[contact name], right?’ Alexa then interpreted background conversation as ‘right.’ As unlikely as this string of events is, we are evaluating options to make this case even less likely.”
Amazon said that Alexa asked (loudly) for permission to send the recorded conversation, but according to the wife, the device did not audibly advise her it was preparing to send the recording.
The scary part of the story is that Alexa starts recording when it thinks it heard the wake word. It sends a recording out when it thinks it heard your command to send. And, had the person receiving the recording not called back, the couple would never have known that their private conversation was recorded and sent out by Alexa.
I recently bought a TP-Link RE305 WiFi range extender. But what happened after I plugged it into my network gave me a big surprise.
As you can see from above, the WiFi extender was sending about 250 requests to 6 random IP addresses every 15 minutes! It almost looked like a compromised device participating in a DDoS attack!
Looking at the details revealed that all these requests were sent out to NTP servers. And indeed those IP addresses belong to NTP services run by various organizations. But still the huge number of NTP requests is an anomaly. There’s absolutely no reason to sync time every 3-4 seconds!
As it turned out, it was a bug in the TP-Link firmware. Upgrading to the latest version resolved the problem. The point is, you can never make assumptions about what a device will do on your network.
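The NTP burst described above can be caught with a per-device rate check over outbound flow records. This is an added example, not part of the original post; the log format, device addresses and threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

WINDOW = 15 * 60          # seconds; the 15-minute observation window from the post
MAX_NTP = 20              # assumed per-device threshold per window; tune for your network
START = 900 * 1_888_889   # constructed epoch, aligned to a window boundary

def sample_log():
    """Constructed flow records: '<epoch> <src> <dst> <proto> <dport>' (assumed format)."""
    servers = [f"192.0.2.{i}" for i in range(1, 7)]    # 6 placeholder NTP servers
    lines = [f"{START + int(i * 3.6)} 192.168.1.50 {servers[i % 6]} udp 123"
             for i in range(250)]                       # noisy device: a request every ~3.6 s
    lines.append(f"{START + 30} 192.168.1.20 192.0.2.1 udp 123")     # well-behaved client
    lines += [f"{START + 60 * i} 192.168.1.20 198.51.100.7 tcp 443"  # unrelated HTTPS traffic
              for i in range(10)]
    lines.append("truncated line")                      # malformed record, must be skipped
    return lines

def ntp_anomalies(lines, window=WINDOW, max_requests=MAX_NTP):
    """Return one finding per (device, window) whose NTP request count exceeds max_requests."""
    counts = defaultdict(int)
    dests = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue                                    # skip malformed records
        ts, src, dst, proto, dport = parts
        if proto != "udp" or dport != "123" or not ts.isdigit():
            continue                                    # only outbound NTP (UDP/123) counts
        key = (src, int(ts) // window)                  # bucket by device and window
        counts[key] += 1
        dests[key].add(dst)
    return [
        {"src": src, "window_start": bucket * window, "requests": n,
         "destinations": len(dests[(src, bucket)]),
         "avg_interval_s": round(window / n, 1)}
        for (src, bucket), n in sorted(counts.items()) if n > max_requests
    ]

if __name__ == "__main__":
    for finding in ntp_anomalies(sample_log()):
        print(finding)
```
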
On your router, a firewall separates your internal network (LAN) from the outside (WAN). The firewall blocks outside requests to access your network unless you explicitly allow them (e.g., port forwarding, UPnP). By installing a device in your network, or an app on your smartphone, you immediately give the device/app all privileges on your internal network. This can bring several security risks to your network:
So what can you do to minimize your risks?
Update: After I finished this posting, I stumbled across a very interesting article on the same subject. Here you go: The House That Spied on Me.