Improving security in smart homes

30 January 2018

If you unwrapped your presents at Christmas to find an intelligent loudspeaker or a smart TV set, you're not alone. Market research company Gartner has calculated that over 8 billion networked devices are in use worldwide. The 20 billion mark could be broken by 2020. And yet, the increase in the number of networked household aids is also opening new doorways for hacker attacks. Ulf Theike, General Manager of TÜV NORD Systems and responsible for digitalisation, explains what consumers should be looking out for when they buy smart devices and have them in their home.

In principle, anything connected to the Internet can be hacked. Which is why users should be as sparing as possible in the use of their data and only store the absolute minimum of information required on their smart devices, says Theike. If you are toying with the idea of buying a smart device, you should really take a very close look at its functions in advance. And you shouldn’t rely just on the information provided by the manufacturer. In Internet forums, users recount their experiences with networked power points and the possible security problems that they have encountered.

Anyone who wants to use Amazon's Echo just as a speaker to listen to their favourite playlist should take out the microphone. But even that does not permanently eliminate the risk: Hackers can mis-use the devices and eavesdrop on private conversations. Companies such as Amazon and Google collect information on the users and store them on their own servers, for instance to use them for promotional offers.

After all, you can find out and remove what intelligent loudspeakers store on the hard drives of the providers. You can see all the entries of the Amazon Echo on the app's homepage or in the browser application. Tapping on the "More/remove card" option allows you to delete them individually. In the "History", you can even play audio files and likewise delete them. If you would like to get rid of all the entries, you can do that in your Amazon account under the heading "My apps & devices".

Anyone who asks Google Home to read out the weather forecast will find his or her activities posted on the website myactivity.google.com. Under "Filter by date and product/Google Assistant", you can select and listen to the speech files and delete them individually or go to "Delete activities after" and remove them completely. Under the heading "Activity settings", Google even offers you the possibility of completely deactivating the storage function.

Overzealous assistants may cause you to incur unwanted costs. In the US, for instance, a child got into conversation with Amazon's Alexa and ordered a dolls’ house. The case was reported by a TV station. When the news anchor read out the sentence "Alexa ordered me a dolls’ house", the assistants of a few viewers promptly attempted also to order a dolls’ house. To avoid unwanted orders, Ulf Theike advises, the order function should be disabled or protected by a numerical code.

The shorter the length of time a device is connected to the Internet, the lower the risk. For this reason, all devices which don't need to be connected to the Internet should be switched into offline mode. Switching off more frequently will also save money. While there's no denying that the standby mode is convenient, even in modern devices it still uses too much electricity. When you leave the house or go to bed, you should switch off the devices to save energy costs.

With which manufacturers are my data in safe hands? This crucial question is one that large numbers of German consumers ask themselves before purchasing a smart device. The advice of the TÜV NORD expert is this: In principle it’s better to trust well-known manufacturers and large companies than, for example, unknown low-cost suppliers from the Far East. "Well-known companies of international standing generally need to place more emphasis on the correctness of their terms and conditions and on privacy regulations - especially if they’re following a sustainable business model,” explains Ulf Theike.

Certificates or quality labels that consumers can use to identify trustworthy networked products are still some way off in the future. To ensure that this does not remain the case, TÜV NORD is working with partners from the economic sector, consumer organisations, science and official bodies to develop rules to define the measures needed for high-level IT security and software updates. “We assume that we will have developed guidelines within the next two years. On the basis of these guidelines we’ll be able to check the devices and offer consumers better security with quality seals,” Theike says.