Connected device buyers guide
Internet connected devices could be a potential threat to your security. Learn how to shop for connected home products while keeping security in mind.
The Internet of Things (IoT) has arrived, ushering in a new era of connectivity and convenience. It’s all about what you want — how and when you want it. Now, when you want to watch a new release, you won’t even have to leave your sofa. Instead, you’ll ask your voice-controlled hub to locate the movie and then queue it up on your streaming video device so you can watch it later on your smart TV.
With so much to gain, it shouldn’t be surprising that consumers have not only accepted these devices, they’ve made them wildly popular. Gartner Inc., a research and advisory firm providing IT-related insights, estimates that 20.4 billion connected things will be in use worldwide by 2020.1 With that many devices flooding the market, people may focus on what these new devices can do for them, and forget about security.
These products are quickly creating an amazing and interesting new world, in which it seems as if a new smart device or must-have gadget comes out every day. But what makes these products “smart” may also create possible security risks. With that in mind, here’s a look at some popular connected devices people are buying, plus a glance at the types of data they may collect and share.
Before you buy, do your research
Devices are smart in part because they collect an abundance of personal data. And, as people have learned with laptops and smartphones, anything that collects information about you and connects to the Internet could be a potential threat to your privacy and security. While collecting data isn’t necessarily a bad thing, you should pay attention to:
- The types of data these devices collect
- How this data is stored and protected
- Whether your data is shared with third parties
- The policies or protections to deal with data breaches
What types of information does the device collect?
While a primary concern with laptops and mobile devices has been the ability to protect personal information — such as your name, address, or birthdate — many people may not realize that IoT devices also collect personal information. How do smart home hubs, thermostats, lighting systems, and even coffee makers “learn” about you? Smart devices are programmed to use machine learning — a type of artificial intelligence — to help the device combine collected data about your habits and usage patterns to become smarter about your preferences and adjust itself accordingly.
Here are some types of data collected by popular smart home devices.
Thermostats
- Geo-location
- Device username and password
- Motion sensor readings that could indicate when you enter or exit a room
- Wi-Fi network identifiers and credentials (e.g., network name, IP address, and password)
- Personally identifying information (e.g., your name, home address, date of birth, email address, phone number, etc.)
Security cameras
- Geo-location
- Image recordings
- Device username and password
- Location of each camera installed in the home
- Personally identifying information (e.g., your name, home address, date of birth, email address, phone number, etc.)
- Wi-Fi network identifiers and credentials (e.g., network name, IP address, and password)
Voice-controlled hubs
- Voice recordings
- Voice recognition (biometric information)
- Geo-location
- Device username and password
- Personally identifying information (e.g., your name, home address, date of birth, email address, phone number, etc.)
- Wi-Fi network identifiers and credentials (e.g., network name, IP address, and password)
Televisions
- Device username and password
- Credit card information
- Geo-location
- Voice recordings
- Image recordings
- Personally identifying information (e.g., your name, home address, date of birth, email address, phone number, etc.)
- Wi-Fi network identifiers and credentials (e.g., network name, IP address, and password)
Streaming video players
- Voice recordings
- Device username and password
- Personally identifying information (e.g., your name, home address, date of birth, email address, phone number, etc.)
- Wi-Fi network identifiers and credentials (e.g., network name, IP address, and password)
- Geo-location
DVRs
- Device username and password
- Personally identifying information (e.g., your name, home address, date of birth, email address, phone number, etc.)
- Wi-Fi network identifiers and credentials (e.g., network name, IP address, and password)
Door locks
- Personally identifying information (e.g., your name, home address, date of birth, email address, phone number, etc.)
- Wi-Fi network identifiers and credentials (e.g., network name, IP address, and password)
- Geo-location
- Device username and password
Baby monitors
- Personally identifying information (e.g., your name, home address, date of birth, email address, phone number, etc.)
- Wi-Fi network identifiers and credentials (e.g., network name, IP address, and password)
- Voice recordings
- Device username and password
- Geo-location
- Image recordings
Toys
- Chat messages sent by child
- Voice messages sent by child
- Photos sent by child
- Videos sent by child
- Image recordings
- Personally identifying information (e.g., your name, home address, date of birth, email address, phone number, etc.)
- Wi-Fi network identifiers and credentials (e.g., network name, IP address, and password)
- Device username and password
Is my data shared with other companies?
Although it may not be common knowledge, some device manufacturers can and do share user data. Sometimes it can be general usage statistics sold to advertisers, and sometimes the manufacturer shares data with third parties so devices work the way they’re supposed to. Sharing data with third parties is something you need to be aware of, as data breaches may happen. Look for a clear privacy policy that spells out what data the manufacturer intends to access, save, and transmit to third parties. You can usually find privacy policies on the manufacturer’s website, typically near the bottom of the homepage.
What happens if something goes wrong?
Although connected devices haven’t been around forever, you can still do some consumer research about how individual manufacturers have handled any previous issues. Here are two ways:
- Check product reviews, which can usually be found on major shopping websites and even on the manufacturer’s website. Read about other users’ experiences with the product before buying it.
- Find out if the manufacturer has suffered a data breach and how that breach was handled.
After you buy, help protect your device
Now that you’ve done your research and found your perfect new gadget, there are some things you can do to help increase the security of your device.
Update software and firmware
One thing that consumers may overlook about connected devices is that they are computers, connected to the Internet. These computers — some as small as a coin — are still vulnerable to malware. You can help keep these devices secure by updating any firmware or software, although you may need to proactively check the manufacturer’s website for updates. Not all smart devices may use automatic updates, so software updates may not be as simple as they are for smartphones, for example.
Check that password
Did your device ship with a default password? If it did, the manufacturer’s website should have instructions on how to change it. Make sure the password you create is complicated, unique, and hard to guess. Fight the temptation to use the same password with any other devices. Although it might be easier to memorize a single password, if a hacker learns that password, he may be able to use it on those other devices.
Invest in a secure router
A good way to help defend networked devices is to make sure that your router — the front door to your online world — is secure so it can help protect your network. Remember that not only are your IoT devices connected to the Internet, but they are also connected to each other. The STAR (Security Technology and Response) research team at Symantec, the parent company of Norton, has been keeping a close eye on the threat landscape created by the expansion of the Internet of Things, and it seems that the risks are growing. After extensive research and development, Symantec has released the innovative Norton CoreTM secure Wi-Fi router, which provides a unique solution to help secure today’s smart homes.
Norton Core is built like Fort Knox2 for your connected home. As the first and only high-performance, secure router with Norton protection bundled into it, Norton Core helps protect connected homes. (It comes with a 1-year complimentary subscription to Norton Core Security Plus.) Norton Core fundamentally changes the equation as it has been consciously designed and developed with security (e.g., data encryption, secure DNS, and automatic security updates) as an important consideration.
Whether it’s a thermostat that can help you conserve energy, or a slow cooker that you can program remotely to start dinner so it’s ready when you get home, smart things are here to stay. As long as you understand the potential security risks that exist in the Internet of Things, take some common-sense precautions, and help safeguard your home network, you should be able to enjoy all the benefits these connected new devices can offer.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.
Want more?
Follow us for all the latest news, tips and updates.