Saturday, July 13, 2019

If you think your device is spying on you, then you are missing the point.

Why does this keep coming up? No one buying a $25 cam or a < $50 voice assistant is a hot ad target, much less a blackmail target. Just think about it for a second and it is obvious. It all comes down to ROI. Processing audio, much less video, to the point of getting data points out of it is costly. Note that devices are getting more powerful all the time, and processing is moving from the cloud to the device. So not long from now it might be cost effective to pull ad data from every word heard by a speaker, but right now it is not. Note too that even with local recognition the assistant needs a wake word or phrase to know it is being talked to, so it can pull that voice from the stream of other voices (like a TV or radio) surrounding it.

Streaming audio, much less video, 24/7 is going to get noticed. Lots of people have looked at the traffic on these devices and found nothing unexpected. Note that Wyze used to use servers in China, but people complained about it right away and they switched to US servers. But what I mainly see in posts is "someone told me that it was doing X," or something vague like "I talked about this thing and then saw an ad for it." Usually it is something not all that unusual for them to see an ad for.

However, IF the makers of these devices were going to do something malicious, the odds are MUCH higher that the devices would be used as bots for attacking REAL targets, as in companies and agencies, either for extortion or for brute forcing access. An even greater worry ought to be that these cheap devices probably are not that secure and might be pulled into a third party's botnet. Either way, unless the bot is activated you would not expect to see any significant traffic. Note though, while you might not be a "real" target, there are lots of script kiddies out there that might just use you to learn on and/or try stuff out before going after a real target. They hit my websites and bang against my home firewall all the time. And since they do not know what they are doing, they can REALLY screw things up if they get access.

That said, if you give a damn about your data security you ought to have decent network gear that lets you monitor traffic, and you ought to put your IoT devices on a network isolated from the data you care about. Allow no inbound traffic, and on the IoT network only allow outbound traffic as needed. As a rule, cameras should talk to nothing outside your network other than any cloud storage they might be linked to. On your data network you should be using a DNS resolver that at minimum filters known bad actors. That is just life in the 21st century. Like door locks in the 20th.
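The rules in the paragraph above can be checked against connection records exported from your router. The following is an added example, not part of the original post: the subnets, device addresses, allowlist and flow records are all constructed (external hosts use documentation address ranges), and each record is assumed to list the connection's initiator first.

```python
import ipaddress

# Constructed addressing plan and allowlist (assumptions, not from the post).
IOT_NET = ipaddress.ip_network("192.168.20.0/24")
DATA_NET = ipaddress.ip_network("192.168.10.0/24")
ALLOWED_OUT = {
    "192.168.20.11": {("203.0.113.10", 443)},  # camera -> its cloud storage only
    "192.168.20.12": {("203.0.113.20", 443)},  # speaker -> its vendor cloud
}

# Constructed connection records: (initiator, responder, responder port).
FLOWS = [
    ("192.168.20.11", "203.0.113.10", 443),   # camera to its cloud storage: fine
    ("192.168.20.11", "198.51.100.7", 6667),  # camera to an unlisted host
    ("192.168.20.12", "192.168.10.5", 445),   # speaker reaching the data network
    ("198.51.100.99", "192.168.20.11", 23),   # outside host connecting inbound
    ("192.168.10.5", "192.168.20.11", 554),   # your own PC viewing the camera
    ("192.168.20.12", "192.168.20.1", 53),    # speaker using the local resolver
]

def classify(src, dst, port):
    """Return the name of the rule a connection breaks, or None if it is allowed."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Rule 1: nothing from outside your own networks may open a connection to IoT.
    if d in IOT_NET and s not in IOT_NET and s not in DATA_NET:
        return "inbound-from-outside"
    # Rule 2: IoT devices stay isolated from the data you care about.
    if s in IOT_NET and d in DATA_NET:
        return "iot-to-data-network"
    # Rule 3: outbound from IoT only to destinations listed for that device.
    if s in IOT_NET and d not in IOT_NET and (dst, port) not in ALLOWED_OUT.get(src, set()):
        return "unlisted-destination"
    return None

def audit(flows):
    """Return (flow, violated rule) for every connection that breaks the policy."""
    return [(f, v) for f in flows if (v := classify(*f))]

if __name__ == "__main__":
    for flow, violation in audit(FLOWS):
        print(violation, flow)
```

A device with no entry in `ALLOWED_OUT` gets an empty allowlist, so any outbound connection it makes is reported.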

Or just hope for the best and do not worry about it. There is NO point in worrying about something without doing something about it, much less without doing any research. After all, I hear some people still happily leave their doors unlocked.
