Things that can and do spy on you

A robot vacuum cleaner is certainly a convenient thing, but this quiet assistant is capable of penetrating not only the most contaminated areas of your home, it is also capable of transmitting these coordinates to other devices.
  
For example, the IRobot i7+ is able to create a map of your home while cleaning it. The Roomba manufacturer explains this by saying that the vacuum cleaner has to create a map of your home in order to navigate accurately. The map can be useful if you want to order a vacuum cleaner to clean a specific room. However, Roomba reported that the iRobot i7+ also shares a map of your home with other smart devices. The manufacturer insists that sharing simply allows the robot to integrate with its digital assistants, but it’s easy to imagine what the consequences could be if someone took over a single account for all digital assistants and decided to transfer the data to third parties.

Another robot vacuum cleaner that can potentially tell all your secrets is the Dongguan Diqee 360. It is made in China and this vacuum cleaner has Wi-Fi and night vision cameras with 360-degree rotation. In theory, it would be easy for hackers to hack Diqee 360 cameras to spy on you while Dongguan is taking a break from a hard day’s work.

Who would have thought that a faithful friend with faithful horses under the hood could potentially share information about the owner with its automaker. And we’re not just talking about smart, independent models; we are talking about ordinary cars.

Almost every vehicle manufactured today contains an Event Data Recorder (EDR). EDR records information about a vehicle, including its location, average speed, road conditions and its owner’s preferred route. This information is automatically sent back to the automaker.

Automakers say they use the data to study how their vehicles behave during accidents and offer improvements. This information is also shared with law enforcement agencies to determine causes of accidents.

For one thing, we don’t even know how many automakers collect information about cars. We also don’t know who owns the information – the owner of the car or the manufacturer? Plus, most car owners don’t even know they’re being tracked. Automakers and sellers are also not very interested in disclosing this information. And we just have to be vigilant.

In fact, it was no coincidence that headphones were on the list of spies. The fact is that headphones and microphones work the same way. But headphones convert electrical signals into sound, and microphones convert sound into electrical signals.

But if you plug headphones into the special microphone jack on your computer, or into the single headphone and microphone jack on phones and laptops, they become microphones. Interesting technology, isn’t it?

Researchers at Ben-Gurion University in Israel have even created malware that turns headphones into microphones to spy on people. The malware, which they call Speake(a)r, works by converting a computer’s output jacks into input jacks. Headphones can be used to listen to a person’s conversation by simply connecting them to a computer.

It would seem that the toothbrush was included in the list of spies by mistake, but it wasn’t.

Earlier this year, millions of smart toothbrushes were used by hackers in a massive DDoS attack on the website of a Swiss company. The company’s website crashed as a result of the attack, which caused losses for the company estimated at millions of euros.

As far-fetched as it may sound, every device connected to the internet is a potential target and can be used for attack, and toothbrushes are slowly but surely moving from soft-bristled plastic wands to gadgets. In 2014, Oral B released a smart toothbrush that connects to specialized apps for Android and iOS via Bluetooth. Around the same time, Kolibree released a similar toothbrush.

Manufacturers claimed the brush would help users “outsmart their dentist” because it records each brush stroke, after which users can share their brushing information with “dentists and family.”

While there is no information yet about the Swiss company being hit by a DDoS attack, this case is another warning to owners of smart devices about the need to update software, firmware and ensure the security of their networks.

You may not know this, but Amazon currently uses thousands of people to view the voice commands users give to Alexa. Reviewers work nine hours a day, during which they analyze more than 1,000 audio commands each.

These reviewers listened to the voice commands that users gave to the virtual assistant without thinking that they would be heard by strangers. Reviewers listened to bank details, private conversations that were clearly not directed at Alexa, and, at least once, a woman singing in the shower.

Two reviewers once listened to what they thought was sexual violence and reported it to Amazon. Senior officials noted that it was not their responsibility to intervene. Some of these recordings occurred while Alexa was turned off, indicating that Alexa either turned on itself or when it heard something that sounded like a command to turn on. All of this has created privacy concerns on Alexa’s part.

However, Amazon does not call this espionage. They say they are considering voice commands to improve Alexa only. Amazon explained: “We use your requests to Alexa to train our speech recognition and natural language understanding systems.” However, the company never mentioned that humans – and not some kind of artificial intelligence – were involved in training Alexa.

Although Amazon claims that voice commands are analyzed anonymously, we can assume that this is not always the case. Verified records often include the user’s name, account number, and product serial number, which may be sufficient to identify the individual.

The 171 LED lighting units at Newark Liberty International Airport Terminal B in New Jersey are more than just lighting. They are equipped with sensors and connected to eight video cameras to monitor people in and around the terminal.

The terminal is served by the Port Authority of New York and New Jersey. The department says the cameras are only used to recognize long lines at the airport, vehicle license plates and suspicious activity. However, the system can be used for more. The Port Authority stores any information collected by the lanterns and can provide it to the police upon request.

Children often talk to their toys as if they were people and may reveal personal information in the process. This is gradually becoming a problem with the advent of smart toys equipped with cameras and microphones. These cameras and microphones sometimes send information to servers run by the toy manufacturer.

Due to fears of espionage, the My Friend Cayla doll, which contains a transmitting device, is banned in Germany. The company that made the My Friend Cayla doll was caught spying on children using the doll. The doll transcribed the conversation with the child and sent it to third parties. It is curious that when children asked the toy: “Can you keep secrets?”, she always answered: “I promise not to tell anyone; this is just between us.”

Hackers can also hack into these toys to spy on children, steal photos, videos and audio recordings, or determine GPS coordinates that could reveal a child’s location. The Smart Toy Bear from Fisher-Price (a subsidiary of Mattel) was also vulnerable to hackers after researchers at Indiana University discovered a security flaw that allowed them to gain access to the camera.

It turned out that this harmless-looking little thing, which even has a special rug on your desktop, can be used to keep an eye on you.

In 2012, it was reported that Singaporean employers were spying on their workers using a variety of devices, including calculators, alarm clocks and computer mice. Spy mice looked and worked like regular mice, except for the fact that they were equipped with microphones and a built-in SIM card. Employers called the mouse on the phone and after that the recording of any conversation within 10 meters began.

These gadgets are so smart that they can use multiple sources of information to identify the owner. They can also detect whether the wearer is walking, running, or simply getting into a car, train, or bus.

This is not at all surprising when you realize that these wearable devices can also track the user’s hand movements to determine if they are entering sensitive information such as PIN codes or passwords. Wearable devices can correctly identify the PIN number or pattern used to unlock a cell phone in 64% of the cases, ATM PIN in 87% of the cases, and computer passwords in 96% of the cases.

A study conducted by scientists from Northeastern University in Boston and Imperial College in London showed that data from TVs and smart devices is sent by manufacturers to the advertising departments of Google and Netflix, even if the user has never launched the latter service since purchasing the device.

In addition, these smart gadgets usually come with a built-in microphone and sometimes a camera for using voice control or video calling features. And these things can also record sounds from your room, even when the TV is turned off.

How can you expect data theft from an object that simply illuminates a room? After all, a smart light bulb is not equipped with microphones or cameras, and it usually does not save PIN codes from bank cards either. However, even such simple devices can be used by attackers with the proper skill.

For example, computer security researchers from the Check Point Research team were able to hack into a home network using a Philips Hue smart light bulb and install malware on victims’ computers, smartphones and tablets connected to the same Wi-Fi network as the light bulb.

The hacking scheme was as follows: the hacker uses a vulnerability in the wireless protocol that controls the smart light bulb and begins to play with color and brightness. The user notices that the light bulb is behaving strangely, opens the application and decides to reset the settings.

The central node of the smart home re-adds the compromised light bulb, and the hacked light becomes able to spam junk data into the home network and even install malware.

And even if the light bulb turns out to be unable to transmit this kind of information, the hacker will still be able, by monitoring its state, to find out which rooms the victim enters by the way he turns on and adjusts the lighting. This way you can find out when the owner of smart light bulbs sleeps, when he goes to the kitchen to eat, and what time he usually leaves the house to go to work. Agree, this is useful information for burglars.

And remember that Big Brother (or big business) is watching you. But we have the power to stop him.