Bench & Bar of Minnesota is the official publication of the Minnesota State Bar Association.

Is the Internet of Things spying on you?

So is your phone spying on you? Yes, it’s possible.

few months ago, Computer Forensic Services analyst Sean Lanterman spoke to KARE 11 News about a topic that makes a lot of people nervous. “Is my phone spying on me?” may have seemed like a paranoid question at one point, but it now seems like a perfectly plausible notion. Given the vast amounts of data created, stored, and transmitted by the average person’s phone, it’s actually a question we should all be asking. Sean pointed out the very real fact that our phones are basically snitches in our  pockets, and it’s not impossible that advertisers would take advantage of this fact. After all, what better source of information is there than our phones when it comes to gathering intel about our preferences, shopping trends, and habits?

So is your phone spying on you? Yes, it’s possible. Your smartphone’s capabilities allow for the kind of spying that many suspect; your phone may communicate information about you to advertisers, and from there, personalize ads to match what has been gathered. This information can be gathered in pretty sneaky ways, too—for instance, by using your phone’s microphone to capture your conversations without your awareness. The question can grow still more complicated when you apply it to your other internet-connected devices. Smartphones are probably the biggest storehouses of our personal information that we utilize on a daily basis, and for that reason, they are probably the devices that transmit the most data about us as well. But now, internet-connected devices can include everything from your thermostat to your car to your refrigerator.

These devices often feature a large range of multimedia capabilities that extend far beyond their technical use. Microphones and cameras are common elements of some of our internet-connected devices, not to mention other more advanced technologies such as GPS and voice recognition. To further confuse things, the average consumer may not know which devices have which features, especially since something as simple as a washing machine may now be equipped with exceedingly advanced technology. How do we manage all of these devices and ensure the best possible security practices?

Keeping a tally of all the internet-connected devices in your home may be more difficult than you think. Smartphones, watches, laptops, computers, entertainment systems, security cameras, TVs, cars, and the types of home appliances mentioned earlier may come to mind. But there are also trickier sources of internet-connection lurking in your home, like your kids’ toys. And at the community level, everything from water plants to the power grid are connected by the internet. Can we effectively manage the risks to our privacy and security when so many of the devices we now rely on store and communicate our personal information? And what do we do when this information is compromised or our devices are taken over by cybercrime? Many of us are familiar with company and organizational policies relating to cybersecurity best practices. But when it comes to our own homes, many are less equipped and less eager to train themselves and their families in cybersecurity.

First, taking stock of which devices could potentially be spying on you, besides your phone, is important. Understanding what you buy is critical to maximizing effective use of the product and minimizing the potential risks. This is especially important when privacy concerns come into play. Knowledge of your devices includes a basic understanding of what kinds of data they collect, how this data is stored, and why and how it is communicated. If a microphone is suspected of being the culprit in leaking information, navigate settings to figure out a way to turn it off. Ideally, this kind of research is done beforehand, but proper device setup and knowledge of an item’s security features can be critical in mitigating risk. Ultimately, you may decide that an internet-connected thermostat or fire detector isn’t worth the hassle.

Second, once you’ve decided which devices are worth keeping around, take stock of the potential threats against your privacy and security. You may not be completely aware of the devices that create, save, and communicate sensitive information about you. Even though many people click the “I agree” button, most are not fully aware of what their consent implies, or means for the companies that profit from this kind of mass data sharing. A compromised device can also be used to execute greater attacks. It should be noted that hackers don’t discriminate. An internet-connected device is always a target, regardless of whether it’s a toy, a phone, or a computer.

If one or more devices are spying on you, it’s difficult to pinpoint who or what is doing it. As Sean explained on KARE 11, there are no individuals at the receiving end, but rather an automated process comprising advanced algorithms to decipher the data being sent. Knowing how best to configure the settings on your internet-connected devices, and being aware of how many devices may pose security and privacy risks, are two keys to a proactive approach to minimizing the potential of  digital spying.



MARK LANTERMAN is the chief technology officer of Computer Forensic Services. A former member of the U. S. Secret Service Electronic Crimes Taskforce, Mark has 28 years of security and forensic experience and has testified in over 2,000 cases.

Leave a Reply

Articles by Issue

Articles by Subject