The recent rumor that iRobot had engaged in talks with Apple, Amazon and Google parent Alphabet to sell the data its Roomba vacuum cleaner gathers caused widespread privacy concerns.
Roomba maps homes — the spatial dimensions of rooms and distances between furniture and other objects — and the data it collects would be valuable to any of the major players battling to control the smart home.
Amazon’s Echo and Google’s Home voice-activated speakers already monitor and gather data about users through various smart home appliances and other products, as do makers of smart TVs.
Reaping the Rewards
Data collection is meant to provide an additional revenue stream for the manufacturer or service provider, as well as enhance the user’s experience, said Blake Kozak, principal analyst at IHS Markit.
That is precisely why the rumor that iRobot was discussing sale of the data to a third party alerted consumer privacy advocates.
However, iRobot “has not had any conversations with other companies about selling data,” said Colin Angle, the company’s CEO.
“iRobot will never sell customer data,” he told TechNewsWorld.
“The company will never violate customer trust by selling or misusing customer-related data, including data collected by our connected products,” Angle emphasized.
“iRobot is committed to the security of our customers’ data, which we take very seriously,” he said. “We build security directly into the product development process from the beginning, at the time of ideation.”
Both the Roomba robots and iRobot’s network architecture “are continually reviewed by multiple third-party security agencies,” Angle pointed out. We have a no-compromise attitude when it comes to product security.”
iRobot addresses consumer IoT “with the fundamental principles of security: secure data at rest, secure data in transit, secure execution, and secure updates,” he said.
The Threat to Security and Privacy
Right now, anyone can gather an unbelievable amount of data on pretty much anyone else, just by scouring free search engines on the Web. Add in data gathered by smart home appliances and other smart gadgets, and data on consumers’ electricity consumption patterns gathered by smart meters, and it’s possible to get a very granular picture of what’s going on in someone’s home.
Purchases of smart appliances have been on the rise, and voice-activated devices — led by Amazon’s Echo line — have been riding the wave.
There will be 220 million smart voice-controlled devices globally by 2021, IHS Markit’s Kozak said.
This trend could lead to serious threats to consumers’ privacy and safety. Hackers have accessed baby monitors, for instance. Further, the United States National Security Agency has made no bones about its willingness to tap the data made available by smart appliances and the Internet of Things.
“The ease with which an attacker can harvest and collect demographic and psychographic data on targets is astounding,” said James Scott, senior fellow at the Institute for Critical Infrastructure Technology.
“The widespread collection, insecure storage, negligent exchange, and irresponsible usage of consumer metadata poses a direct and hyper-evolving threat to consumers, government officials, and critical infrastructure owners and operators,” he told TechNewsWorld.
It represents a threat to national security and the integrity of democratic institutions, Scott warned.
Add artificial intelligence, big data algorithms and machine learning to the mix, and the bad guys can launch “massive hyperfocused campaigns against specific high-value sensitive targets,” he pointed out. “Adversaries can craft personalized social engineering lures related to targets’ browsing patterns, interests, profession and vices, for example, and thereby bypass the cybersecurity and cyber-hygiene reflexes that typically thwart 86 percent of social engineering programs.”
The Dangers of Cloud Storage
Smart home appliances and gadgets store the data they gather in the cloud, which is not inviolate. The Swedish government recently faced an upheaval following the discovery that all Swedish citizens’ private data had been leaked after it was moved to a cloud run by IBM, a company known for strong cybersecurity. The government replaced two of its ministers in a bid to quell the resulting uproar.
Data collected by smart appliances “is not safe if it’s sent off to the cloud,” said Michael Patterson, CEO of Plixer.
Malware preventative technologies from security vendors “are not a surefire defense against targeted attacks,” he told TechNewsWorld. “Nothing short of unplugging from the Internet can keep your data safe.”
Consumers who want to keep their personally identifiable information safe shouldn’t invest in appliances that are Internet-capable, Patterson cautioned. “No IoT device is safe from a data compromise.”
However, from conversations with device manufacturers and cybersecurity experts, “data collected by smart home devices will not be available to just any third party,” IHS Markit’s Kozak told TechNewsWorld.
Also, manufacturers of smart devices who collect data “don’t act on the data, and even more suggest they … aggregate it,” he noted.
Data collection is commonplace, Kozak pointed out. Reward cards, fitness trackers and smartphones all collect user data.
“Smart homes are a new concept,” he said, “so users are suspicious.”