Recent news has reported growing fears that home robots may have been harvesting sensitive data from owners in the privacy of their homes.
But is this really a threat? Can our household appliances become worrying presences? Can robot vacuum cleaners, for example, be used to collect sensitive data or to spy on user activity?
The answer always lies in the management of tools which, being connected to the network, present potential vulnerabilities. In fact, we know that robot vacuum cleaners can be equipped with cameras or sensors capable of collecting information on the layout of the rooms, on people's movements or on their personal tastes. Finally, this data could be sent to remote servers and used to create user profiles, to show targeted advertising or to share information with third parties without users' consent. Furthermore, household appliances connected to the network can be vulnerable to hacker attacks which, by exploiting the connections, gain access to user data or can spy on their activities.
There have been several instances where smart home appliances have been used to spy on users' activities. For example, in 2017 it was discovered that some smart TV models, from well-known brands, collected information about watching programs and sent it to remote servers without users' consent. Furthermore, in 2018 it was reported that some robot vacuum cleaners collected data on the layout of the rooms and sent it to remote servers without users' knowledge. These cases demonstrate how network-connected appliances can pose a risk to user privacy if adequate precautions are not taken.
How cyber attacks on smart appliances happen.
There are several techniques to attack these devices:
1) Phishing attacks: Emails or text messages that appear to come from reliable sources, such as the manufacturer of the appliance, with the aim of tricking the user into providing sensitive information such as passwords or other personal data.
2) Physical access: physically accessing home appliances connected to the network, such as opening them or plugging into their network ports, to gain unauthorized access to the device.
3) Software Vulnerabilities: Smart appliances can have vulnerabilities in their software or security configurations, such as weak passwords, which prove invaluable for criminals to gain unauthorized access to the device or to install malware.
It is important that manufacturers of home appliances connected to the network pay attention to the security of the software of their devices and that users take the necessary precautions to protect their security, for example by using secure passwords (changing the default one) and keeping the software of the their devices.
Another risk to user privacy can emerge from the transfer of personal data outside the European Union. This is due to the fact that personal data protection laws are different in different countries and do not always offer the same level of protection guaranteed by European laws. For example, there may be laws in place that make it easier for public authorities or third parties to access personal data or without users' consent. Furthermore, the transfer of personal data outside the European Union could expose them to security risks such as theft or loss of data during transfer or during their processing in third countries. It is important that users are aware of these risks and pay attention to the privacy information provided by smart appliance manufacturers, especially regarding the transfer of personal data outside the European Union.