This past Christmas, I received a Google Home as a gift. Google Home is a “voice activated speaker powered by Google Assistant”. Google Assistant is like the Suri that responds when you start a question or statement with, “OK Google”. So far I’ve asked my Assistant to play me music from my Spotify account, add items to my grocery list, tell me the weather for the day and even play a show on Netflix on my TV. This is the future- giving commands to devices that command other devices. But how often are these devices listening?
The Federal Trade Commission said on February 6 that Vizio used 11 million televisions to spy on its customers and proceeded to, not just collect, but SELL customer data, demographics, and viewing habits. A large majority of Vizio devices are ‘smart’- they listen, they retrieve, they respond. After this information became clear, many began to question how much smart devices are actually listening. More importantly, how much they are the recording. Are consumers sharing sensitive data without their authorization?
Consumers have been warned for years about malware infecting their computers, but now smart devices have become the new target; a new era of ‘mobile hijacking’. What do these hijackers want? In an article titled, “Who is Listening?”, for SC Magazine (February 2017), Danny Bradbury reports that hackers are looking for bank account information, Facebook access, or email access. With email, especially, they can reset countless passwords. Another purpose is for ad clicks- hackers can click on ads for ad companies that charge clients per click. Apparently, as Bradbury reports, some ad companies fund their own teams in order to do this illegal business. This is called ad fraud, which is costing the advertising industry an estimated $4.4 billion a year. One potential market for ad fraud is higher education. Most institutions use online ad companies to advertise their programs and they may be charged more than should be. One such ad company tried to tell our admissions group that thousands of people had clicked on one of our advertisements, but none of our applicants mentioned the site or ad in their application. Institutions should always check for return on investment when dealing with these ad companies.
Whether companies welcome it or not, most employees are BYOD (bring your own device). Personal devices are being used to check email and work on company projects in and out of the office. In these cases, when malware gains access to personal devices it also gains access to company information. It’s a constant battle between security and productivity. How can we protect ourselves? Don’t install un-reviewed apps. Stay away from downloading free games. Do your research. Still, all of this is troubling.
References