Site icon Sophos News

The Spy, sorry, The Fridge Who Loved Me

We’ve already written about some of the, errrr, indispensable new smart home products that emerged at the recent CES show in Las Vegas.

That’s a massive annual event for the consumer electronic industry (indeed, CES, which now just stands for CES, used to be an acronym for Consumer Electronics Show).

CES is where the connected devices of the future – ones that that you didn’t even know you needed, let alone might ever want – are there on promissory display amid all the va-va-voom of Vegas.

There’s a haptic hairbrush that tracks your brush strokes lest you find yourself doing it wrongly.

There’s a smart bed that lifts your head if it thinks you’re snoring, warms your feet if they get cold, and keeps track of who knows what else besides that goes on in your bedroom.

The seductive problem with many of these devices is that the data that they collect – like the trichological tracking performed by L’Oreal’s Hair Coach, your personalised tonsorial tutor – seems harmless enough to give away.

After all, if your hairbrush strokes, or the semi-random movements you make subconsciously while asleep, should end up collected, collated, sold to the highest bidder, shared, breached and then sold again on the underground…

…how would that compromise your privacy, safety or security?

The answer is that it might not, at least right now, but as more data gets collected, as computers get faster, and as data mining and matching techniques improve…

…data that has any sort of connection to you, no matter how vague it might seem, can be searched, sorted, collated and matched with other data sets to provide a profoundly detailed picture of where you go, what you do, when you do it, what your mood was like at the time, and much more.

LEARN MORE: The Big Data picture – just how anonymous are ‘anonymous’ records? ►

It gets worse.

As we wrote last week, some of the cool new CES devices aren’t just about capturing data that only a determined data miner of the future might ever find a way to exploit. (As cryptographers like to say, attacks only ever get faster.)

The charmingly misnamed Ocean Medallion, for example, acts as a sort of super-duper turbo-charged cabin key on boat cruises – one that also manages your purchases, monitors your location, and allows not only your family but also cruise staff to keep track of you on board and online.

And it gets even worse than that.

LG, for example, really rowed out the boat at CES, announcing a product with “industry-leading technologies [that] offer intuitive control, home management, bringing new meaning to kitchen as heart of the home.”

You’ve probably guessed what it is, if the headline above didn’t give you a clue: it’s a fridge.

Taking cooling to new heights

Make no mistake, on-demand refrigeration is one of the truly useful advancements to come out of the industrial revolution, and it’s hard to imagine turning against that aspect of the technology.

But LG has produced a refrigerator that takes cooling to new heights – or lows, depending on your viewpoint.

The Smart InstaView Door-in-Door fridge does more than challenge your sense of linguistic fair play; it also brings privacy concerns right into the kitchen.

There’s Alexa integration, so you can search and shop simply by talking to your fridge.

There’s a camera inside that hooks up via Wi-Fi so you can look inside from your phone while you’re at the supermarket to see just how much mustard is left in the jar.

And there’s a feature ominously called Smart Tags that will keep track of when individual items are going to go past their use-by dates.

LG pitches this fridge on the basis that “for many families, the kitchen is one of the busiest rooms in the house,” which implies both adults and children coming and going, talking and interacting, planning and eating, giving away plenty of personally identifiable information and family secrets along the way.

So you’d expect security to be written large in any material that talks up this home refrigeration behemoth.

But it’s all about fun, apparently, with LG’s Song Dae-Hyun, president of LG Electronics and Home Appliance & Air Solutions Company, saying, “Our Smart InstaView Door-in-Door refrigerator will allow users to enjoy their kitchen experience like never before.”

Indeed, the one word conspicuous from all the material we’ve seen so far welcoming this device to the market is security.

What to do?

At this stage, there isn’t much you can do, except to put privacy and security on your must-get-it-right-or-I-won’t-buy-it list, even if you’re habitually an early adopter of cool new technology.

This year, if CES is our guide, many more devices, even entry-level ones, will get automated voice recognition, for example via Amazon’s Alexa like LG’s smart Instaview, and built-in Wi-Fi connectivity intended to make it easy to access them remotely.

Indeed, according to Ars Technica, LG’s VP of Marketing suggested during CES that, from now on, all the company’s home appliances will feature “advanced Wi-Fi connectivity.”

That means many devices will need to connect to the cloud and upload data to other people’s servers as a matter of course – Alexa, for example, doesn’t figure out what you said using the stripped-down processor in the device, but by sending your voice samples into the cloud to be processed in one of Amazon’s mighty server farms.

If you vote with your chequebook, or for that matter with your chip-enabled payment card, you will help to persuade the vendors who flock to CES to put privacy and security on their own must-get-it-right-or-we-won’t-sell-it lists, too.


Exit mobile version