Glitches of early iterations aside, AI-based technology has come a long way, and has an increasingly active presence in the lives of homeowners who are looking for convenience and savings in a pushed-for-time era. From adaptive thermostats that automatically gauge energy usage and alter temperatures for optimal savings, to smart home speakers that use sophisticated artificial intelligence to provide services and information in real-time, a smart homeowner can now cross off a variety of menial tasks from their daily to-do list without doing more than speaking a phrase out loud or clicking a button on their mobile device.
What is the true cost of this convenience? Some gadget adopters are reporting invasion of privacy, security risks, and more. For those who have not yet invested in smart home technology, these factors are largely holding them back; in fact, it is the second-biggest reason for hesitation for 17 percent of non-users, behind price (42 percent), according to a recently released report by PricewaterhouseCoopers (PwC), “Smart Home, Seamless Life: Unlocking a Culture of Convenience.” In addition, 56 percent of surveyed individuals stated they would choose encryption to protect their data when creating their own smart home.
What are these misuses of technology that could lead to privacy or security risks? These are a few of the reported instances thus far:
Gadgets May Be Susceptible to Hacking
Last August, Wired published a story about a British security researcher for MWR Labs, Mark Barnes, who was able to install malware on an Amazon Echo device, turning it into a surveillance device that silently streamed audio to his own server. While newer models cannot be jailbroken this way, Amazon has not released any software to fix the issue with older units.
For the typical owner, this may not seem like a significant violation; however, this could lead to another type of home theft in which fraudsters break into homes looking to steal identifying information via smart home gadgets, leaving little to no evidence of their break-in behind. While Barnes installed code for the specific purpose of audio streaming, he clarified that the installation of malware could serve other uses, such as stealing access to a homeowner’s Amazon account, installing ransomware or attacking parts of the network.
Smart Technology Could Lead to Location-Based Tracking
Earlier this month, security investigator Brian Krebs reported on a privacy vulnerability for both Google Home and Chromecast—found by Craig Young, a researcher with security firm Tripwire—that leaks accurate location information about its users.
According to Young, attackers can use these Google devices to send a link (which could be anything from a tweet to an advertisement) to the connected user; if the link is clicked and the page left opened for about a minute, the attacker is able to obtain a location.
“The difference between this and a basic IP geolocation is the level of precision,” Young said in the article. “For example, if I geo-locate my IP address right now, I get a location that is roughly two miles from my current location at work. For my home internet connection, the IP geo-location is only accurate to about three miles. With my attack demo, however, I’ve been consistently getting locations within about 10 meters [32 feet] of the device.”
Google initially told Young they would not be fixing the problem; however, after going to the press about the issue, Young reports that Google will be releasing an update in mid-July to address the privacy leak for both devices.
Glitches Could Lead to Invasion of Privacy
According to local news stations in Portland, Ore., a resident (reportedly named Danielle) received a disturbing phone call from one of her husband’s employers telling her to shut off her smart home devices. After using Amazon devices throughout her home to control temperature, lighting and security, Danielle was made aware that a private conversation was accidentally recorded by Amazon’s artificial intelligence system, Alexa, and was sent to a number on the family’s contact list.
Amazon has since reported that the Echo speaker picked up words in Danielle’s background conversations that it interpreted as “wake words” for recording and sending audio to a contact; however, an article published by website The Information last July states that Amazon was considering obtaining recorded conversations and sending transcripts to developers so they can build more responsive software, making it unclear if these devices automatically record audio without waiting for “wake words.”
These Vulnerabilities Could Impact Real Estate
Smart homes are increasing across the country. According to Statista, a statistics website, the estimated value of the North American smart home market will be $27 billion by 2021.
Of course, the vulnerabilities that have cropped up for some users could have an impact on the selling process. For example, some sellers have already begun using their security systems as a way to listen in on prospective buyers or watch them as they visit the listed home, regardless of whether local laws prohibit these recording practices.
Additionally, if homeowners have devices such as Google Home or Amazon Echo, but do not have security cameras, how can they be sure that visiting buyers are not accessing sensitive information through these speakers? While agents always play a role in adding a measure of security by being present during showings, fraudulent activity that is internet-based only, such as obtaining online data through links, will be difficult to identify.