How Smart Devices Spy On Your Home—And How To Avoid It
Released on 05/23/2025
There are currently nearly 19 billion
smart devices worldwide.
Chances are, you probably have one in your home.
From robot vacuum cleaners to smart refrigerators
to security cameras and baby monitors,
internet-connected air fryers.
Having everything in your home connected
to Wi-Fi just means there's so much more risk of hacking
and attacks and your data essentially just being exposed
through people who want it.
Today, we'll do a deep dive into the security
of smart home devices
and we'll chat with Wired senior review editor,
Julian Chokkattu, to discuss the pros and cons
of bringing smart devices into your home.
This is Incognito Mode.
[tense music]
One of the most convenient smart devices out there
is robot vacuums.
What am I kind of opening myself up to
when I put one of these devices in my house?
You know, you have this robot
that's going around your entire home
and it creates an entire map of your home.
There are conveniences that you can then say,
Hey, can you go clean the kitchen specifically?
But that is data that's stored by the company,
and you would wanna check how that data is stored.
A few years ago, it was reported
that images leak from an iRobot vacuum cleaner,
such as a woman sitting on a toilet
were sent to a third-party for labeling and testing,
but eventually, they made their way onto Discord
and even Facebook.
From that leak, we know that iRobot was capturing images,
not just a map at the house,
but also to identify everything in the house,
such as a vase or a couch.
This is a prime example
of how data that these companies collect
can be used in ways that you might not expect.
You definitely, I think, would wanna just avoid
using a camera based system
just because it does open up the risk
of it capturing the actual mapping data of your home.
Yeah, absolutely.
I mean, I can imagine how a robot vacuum company
would sell that data to marketers for home decor
or, you know, couches and things like that.
Nowadays, some companies are using lidar
to map out your home rather than a camera on it
so that the robot vacuum knows where to go.
How's the technology evolving?
Is there anything new that you're seeing coming out?
Yeah, this past CES actually, there was a company
that basically debuted a robot vacuum that has a little arm
that comes out or the camera on the actual robot vacuum
can detect socks for example,
and it has the capability to go over to them,
grab it, and put them in a specific area
so that it's not disrupting the flow
of the robot vacuum as it cleans your home.
There was also something about potentially
a little laser pointer that could help entertain the cat
so that the cat's not disturbing it.
You can then theoretically also imagine
what other things are gonna be coming to that sort
of a type of a device that roams your house, right?
Some new ones are trying to do stair-climbing capabilities
so that they can go upstairs so that you don't have
to physically move your vacuum up and down.
It has that potential to sort of be
that futuristic AI butler
that maybe we've seen in shows in the past
that also obviously is gonna open that category up
to a little more scrutiny in terms of
what exactly it's capable of,
and if it can pick up a sock,
maybe it can pick up a knife. [chuckles]
The dream of having a robot butler
is potentially coming true.
We're just gonna have to sacrifice our security
and potentially our privacy to get that future.
I think that was a given though, [laughs] in general,
from all the sci-fi robot butlers that we've seen.
[intense music]
[robot whirring]
Whoa, whoa, whoa, whoa!
[Robot] I'm sorry, Dave, I'm afraid I can't do that.
[dark music]
Smart TVs are doing a lot more
than just playing your favorite movies and shows.
They're also collecting a massive amount of information.
Many TVs nowadays include something
called automatic content recognition, or ACR.
researchers found that some ACR systems
capture 48,000 snapshots of what you're watching per second.
Yeah, I think today,
it's probably very hard to find a very high end TV
with no smart features.
By default, most TVs today
have those streaming apps built in
and some casting capabilities as well.
They're also more comprehensive in how they're tracking
what you watch and the data that they're collecting,
Taking snapshots of what you're watching all the time.
I mean, I understand why the companies
would want to do that,
but I don't understand how that really benefits me at all.
So, in general, you know, TVs are becoming more
and more of an ad platform, even though you might think
that cutting the cable cord
was all about getting away from advertisements.
That's all sort of coming back,
like more streaming platforms than ever now
have some type of a ad tier
that's slightly cheaper, if not free,
but of course there's, like, a separate part of it.
Whether they're sharing that data with third parties
so that Netflix can understand and know that like,
Oh, people liked this, they're actually watching this.
That's something that companies want that data
in terms of just who is watching what and for how long
and what you're doing on your TV in general.
ACR might even work with dumbed-down devices.
So it's not even just connecting
a streaming sticker for example, or using an app.
It's connecting a Blu-ray player and putting in a DVD.
You might think that might be completely fine and offline,
but apparently, company might still know
that you are watching Titanic for the 15th time on DVD.
What are some ways to make sure
that your data is protected
if you do have one in your house?
You might be able to, I think,
delete your advertising profile
so that they don't have, like, a visual understanding
of what it is, who you are, in terms of your tastes
and the ads that they want served to you.
But a lot of that is also somewhat hidden
in not the most obvious places.
Always, you know, it's something I do a lot,
I hop into the settings of almost everything I test
and just take a look at what capabilities are there,
what features are there, but also, you know,
what permissions does this service need.
I'm a tech journalist
and I still find menus on my TV to be kind of baffling,
and you might not know that's even there
or that's even an option
or that this data's being collected in the first place.
It's worth going through those settings
and definitely trying to make sure
that you're understanding at least what it is
that it's collecting about you.
[upbeat electro music]
So, the voice assistants, they're always listening,
the mic input is on,
but they only start recording once it thinks it's heard
a wake word and then that audio is captured.
A large part of these voice assistants
on these smart speakers is connecting
to other smart home devices, right?
So, the whole purpose behind them was,
if I'm gonna get smart shades
or if I'm gonna get a security camera
or a smart thermostat, I can just say,
Hey, set the thermostat to 68.
Or Hey, can you close the shades in the bedroom?
But obviously, you've invited a thing
that is constantly listening.
Yeah, it's one that I really struggle with,
because it is so convenient and, you know,
especially if you're a person with mobility issues,
it allows you to do things
you might not otherwise be able to do,
but it really creeps me out.
I had one for a while and I decided,
after it stopped working,
to just not try to make it work anymore.
And there are some things you could do,
like there are usually physical mics,
which is on these smart speakers that allow you
to turn off the mics when they're just not in use.
But then it kind of goes against the whole purpose
of, like, being able to just quickly ask a question
if you have to go to the device and turn on the mic.
But it's just what you're willing
to accept in terms of security.
Even if you had certain privacy protections
when you bought a smart speaker, like an Amazon Echo,
you don't necessarily know if those protections
are going to change.
For example, Amazon updated its terms of service
so that users of its Echo devices can no longer opt out
of sending their voice recordings to the company.
It might not seem like there's been a lot happening
in this space, but there's actually now
going to be another bit of a wave, I think,
in terms of these devices, because now,
it's all about incorporating artificial intelligence.
For example, Google is upgrading a lot of its Nest products
with Gemini, its large language model,
so that it can understand things like the ability
to recognize a FedEx driver coming up to your doorway
and then you later on asking,
Hey, did FedEx come by today?
Because large language models have large datasets
that they can train on, they're now capable
of that more natural free-flowing conversation,
which might mean that there are gonna be new devices
that people might want to upgrade to
or those capabilities might come to older devices.
That's a perfect example of how
these risks can be introduced when you get a device.
Like you might be getting a device
with certain features in certain settings,
and then things change or the company gets sold
and you don't necessarily have control
over your data in those situations.
You know, if you have an older Alexa device
and you don't want your recordings being sent to Amazon,
you basically just have to decide whether you're gonna keep
that device and keep using it at all.
[calm music]
Smart locks, the selling point is,
you don't have to necessarily carry your key.
Although, I highly recommend, if you have a smart lock,
to still carry your keys, because they rely on batteries.
You can even share your passcodes with family and friends
so that they can enter your home if you're away,
they need to check on a dog, but there are more risks,
because now, you've put the keys to your home
in a digital platform and that, you know,
that just might not be great from a security standpoint.
If something does get hacked,
someone could theoretically enter your home
or at least capture,
like if your smart lock has a camera on it,
or a microphone could capture some data from that as well.
It's kind of ironic that something that's, like,
literally for security could then be less secure
just because you're adding these more convenient features.
Yeah, I mean, a lot of locks have the ability
to auto unlock as you approach and that,
most of the time, relies on your phone's location,
which means when you enter a specific area
of your geo-fenced area of your home,
the door will unlock.
That I feel like, to me at least,
seems like a potential data point
that someone would love to have
if they wanted to target you specifically.
There are some security standards
you can probably look for.
Are they following AES-128 bit encryption?
Is the app two-factor authenticated?
How physically capable it is as a lock,
whether it's a retrofit over your existing deadbolt,
so it might not change the entire hardware?
That might be better than something
that completely replaces your hardware,
especially if it's from a company
that doesn't have a history of making locks,
but also making sure that the company
has a good track record in following best practices
to keep your data secure.
Another issue that kind of applies
to all these smart devices is them going outta date
and just not getting firmware updates
and then you need to replace the whole thing.
Once you've installed a lock,
you're not gonna go out and install another one anytime soon
or you hope that you don't have to.
Yeah, and a lot of capabilities are usually updated
through the app itself, but obviously, as you said,
it's one thing to make sure that, you know,
especially if it's been 10 years or so
since you installed a smart lock, probably just check
that there are security updates still being issued.
Do companies stop issuing software updates
or security patches
because there's some good reason for that
or are they just trying to get you
to buy another one of the products?
I mean, I think companies have it in their power,
especially big companies,
to offer significantly longer software update cycles
for, you know, these kinds of devices,
whether there's also an element of planned obsolescence
and they want you to upgrade to the next thing,
I'm sure that is definitely also a big part of it.
That's kinda why we encourage people to look
at some of the bigger brands,
because if anyone is gonna at least support a product
for something, like, a decade,
it's probably the company that has those resources.
Definitely, we could stand to ask in force companies
to require that some of these products
that especially you don't expect to change that often
should get support cycles that reflect that.
[ambient humming music]
Companies are sort of pitching, again, convenience
in terms of a Samsung smart fridge might have a display
on the outside that's basically a tablet
and you might be able to leave sticky notes
for everyone in the house
or you might be able to even play YouTube videos
to follow recipes along.
But also in the inside, they could have cameras,
and cameras can be used to detect
the types of things that are inside your fridge
so that you can even look at remotely into your fridge.
[Voice Over] Like here, when I need
to check the milk situation.
And it's true, some of that is convenient,
but especially with something like their Family Hub line
of refrigerators where there's a display on the outside,
you have to know that, like, you're probably going to have
to sign in, YouTube, Instagram, whatever it is
you want to have on this,
like, essentially a tablet display.
All of that is now under the protection
of what this fridge brand is doing to keep your data secure.
Make a really great point about it
being another point of failure
and just kind of introducing complexity into your life
and thus risk, because it's designed, it can be hacked.
Yeah, I don't think that's still a lot of people
that are gonna hack your fridge
and look at what is in your fridge,
but it does mean they might get other
compromising information from you, right?
It's not just big appliances like refrigerators
and stoves that are connected to the internet,
it's almost everything, from coffee makers to toasters
to even air fryers.
One report found that some air fryers
were automatically collecting personal data
and sending it back to the company.
Others were asking for things like gender and date of birth.
There's a whole other side to it as well
in terms of, like, repairability,
the long-term durability of, if there's a screen
and there's a screen as the only way for you to, you know,
interact with your oven,
what happens if you accidentally drop a cast iron pan on it
and now it's broken,
and now you can't really configure your oven
or you can't interact with it?
Now you have to spend that money to get it repaired.
It's gonna be more expensive.
And also, in terms of just, you know,
how long it's supported for over time,
if a particular feature breaks and the only way to interact
with it is through the software, but there's a glitch
and a company's not gonna update it anymore,
now you have fewer options in what you can actually do
outside of just dumping that entire smart oven.
[upbeat electro music]
Security cameras obviously have to be recording.
Usually, companies offer some type of a cloud-based plan
where you can store video data for 30 days for example,
and after that, it's deleted.
Some security cameras also let you record directly
to local storage, although there have been certain incidents
where what was promised is local storage
ended up also accidentally going to over the cloud.
You also do wanna make sure any video that is sent over
to the cloud for, for example, the convenience of being able
to look at your footage from a remote location
when you're not home, that it's encrypted
so that people can't just look at your streams.
Storing the footage locally
is definitely better for privacy, but it also,
you have to have the technical know-how
to secure that storage.
If somebody did wanna target you for some reason,
then they would be able to potentially gain access
to hundreds of hours of footage of your family
or whatever you've pointed the camera at.
Right, nowadays, security cameras
aren't just also cameras,
they have algorithms and facial recognition features.
So, there's that other aspect of the data
that they're collecting.
You know, now a big new thing
that a lot of these companies are trying to pivot to
is using artificial intelligence so that, you know,
you can just ask your Google Home app or your Alexa,
Hey, did FedEx come by today?
And it'll have understood what is a FedEx employee,
what they generally look like,
what the clothes they wear, is if they're holding a package.
And you can even ask things like,
Is there a package for me at the front door?
You can even add people's names if you really want
in terms of like,
Oh, that's my wife.
[Voice Assistant] Brittany is at the front door.
I didn't know that they are building facial recognition
and image recognition into these home devices' data
extensively, and that's quite frankly terrifying.
Yeah, I mean, a lot of that, I believe,
is completely on device and local,
so I don't think that information is being shared.
The idea is that because a lot of them will say,
Person detected.
Right? They have person detection, animal detection,
that have just getting these arbitrary person detected,
which might not provide you much value.
It might be more helpful if it's says,
XYZ came up to your front door
and that's person's a friend.
I think that's a really great example
of how these privacy erosions happen.
A company builds in a new feature
that solves, like, a minor problem or makes it,
you know, 10% better,
but then you've introduced this new acceptance
of just having facial recognition everywhere
and everyone is then just like,
Yeah, that's just how cameras work.
That's becomes the norm.
So, Ring is another big part of all of this.
They weaponized in some ways.
They're video doorbells and security cameras
by sharing information and footage
with local police departments in the past.
That's really how Ring was built,
was by going to local police departments,
giving them the ability to offer people
in their community deals through the police department
to buy Ring cameras, and then in turn,
Ring had really close relationships with the police.
They had a specific feature that allowed somebody
to share their footage directly with the police department.
Solving crime is great.
Nobody wants crime.
The issue is that it really rapidly indoctrinated people
to just constant corporate surveillance.
I worked on one investigation several years ago
where we were able to map every Ring camera
in a specific area, and we were able to see, like,
if a child is gonna walk to school,
they're gonna pass 75 Ring cameras,
and they're gonna be just subjected to the surveillance
and that data is collected by a corporation,
Ring is owned by Amazon, and, you know,
we don't know necessarily what
that footage is gonna be used for.
And I think it's more just becoming comfortable
with making constant surveillance the norm.
[slow music]
The convenience of that Wi-Fi capability in baby monitors
is basically the ability to remotely look at
and monitor your baby, even if you're not at home.
Like if you have a nanny taking care of the baby,
you can check on the baby yourself if you're away,
but obviously, all of that introduces
all of these potentials for violating your privacy.
There was a story of, like, a woman who found
that there was some stranger whispering
through her baby monitor,
and that's terrifying, that's creepy.
So, while security cameras and baby monitors
are very similar in terms of their functionality,
there's some reporting that shows even the best
Wi-Fi-connected baby monitors are less secure
than regular security cameras.
You know, a lot of times, you see companies
that make something that's not historically Wi-Fi connected
and they start adding in those capabilities.
They just don't have the team
that knows how to add the security measures,
and so they just haven't invested
in security as the top priority
as they add new features or new capabilities.
A lot of these smart home devices,
especially something like a baby camera,
like, you're setting it up, you would wanna make sure
that there is a two-factor authenticated method
of signing in securely so that even if your password
is compromised, a threat actor can't hop in
and just willingly access everything.
They would need a secondary device
for you to authenticate that it is you.
That should apply to every device
or app that you can possibly add two-factor to.
Definitely do that.
You know, I'd say it's one of those situations
where you kind of really have to look
at the risk versus reward.
And I think taking the steps to make sure your baby cam
is as secure as possible is really imperative,
because it's monitoring the most sensitive
and precious thing in your life.
[calm music]
Smart thermostats are great.
They can lower your energy bill
and tell you if something's wrong in your HVAC system,
but they also collect a ton of sensitive data,
like when you go to sleep, when you're away from home.
If that information is accessed by hackers,
that could tell someone when they should break
into your house.
It's also probably being collected for advertising purposes.
What coffee company wouldn't love to know exactly
when you wake up to serve you an ad for their brand of brew?
You know, the convenience
is that you can set your temperature from wherever you are.
You don't have to go to the product itself.
You can even have functionality
like understanding when you're not home
and it'll then automatically lower temperatures
or maybe even turn off certain systems
so that you're not wasting energy.
Some of that is based on location data
with your phone, maybe.
For example, I think Google's Nest thermostat now
has radar in it, so it understands
when you're approaching it,
the device lights up with all the information.
There are smart thermostats
that have voice assistance built in, like Alexa for example,
but I think it might be good practice to just let that
be handled by an actual hub or something else
and let your smart thermostat
just not have a microphone or a camera.
The benefits outweigh kind of the risks, I think for me
and with this one, except for the fact
that they are another entry point for a hacker
to gain access to your network.
I would say buy the ones that have the fewer features.
Don't have the microphones, don't have voice assistance,
making them as simple as possible
while still getting the benefits
of having a smart thermostat is probably the way to go.
[ominous music]
A router is not really a smart device,
it's just the thing that everything in your home
is going to connect to.
Routers are one of the most attacked devices
because they serve as a gateway to the rest of your network.
They're also really low-hanging fruit.
Most people don't change the default password,
and so hackers are able to get that information
or crack those passwords and get into your network.
If a hacker gets into your Wi-Fi,
they can see anything that's connecting to the internet
attached to your network,
potentially collect unencrypted communications,
and they may be able to gain access to the devices
and the data that your devices are collecting.
So, studies show that most people
don't change the password on their routers.
What really is the worst case scenario in that situation?
I'd say the worst case scenario
is that someone gains persistent access to your network,
those devices and potentially any data
that those devices are collecting,
or monitor you in the way that you're monitoring yourself.
Routers are kind of the window into your home.
Usually, it's you looking through that window
by your smart fridge app or your smart toaster
or whatever it might be.
In this case, the router is the entry point for anybody
who is trying to gain access to your network to gain access.
And so, that's why the security of your router is just
as important as anything else, if not more important.
So, one of the issues with routers
is that you have to replace them occasionally.
Can you tell me why that is?
Like, why would I have to trade in for a new router?
There's no law that says,
Hey, a router should be updated
or kept updated for 10 years.
There is a story of, like, you know, Wi-Fi itself.
There's new versions coming every few years.
So, right now, the latest generation is Wi-Fi 7.
So, there are better security protocols in Wi-Fi 7
versus Wi-Fi 5, right?
So, there are genuine reasons that you would want
to stay on the latest hardware.
And while newer routers are backwards compatible
with older Wi-Fi standards, you won't be able
to access those improved security measures
without actually upgrading to a Wi-Fi 7 router for example.
[upbeat electro music]
If you're looking to buy a smart device
and you are thinking about your privacy and security,
what's some advice you have for people
for what to look for or what to avoid?
You probably wanna stick
to some well-known, established brands.
They have a better track record and the resources
to have a security team, to have security practices,
and follow the best approach.
Being able to patch and quickly update devices
if there is a security breach.
It's not about if your company's product gets,
you know, hacked, it's about when.
And one other thing you could also do is,
you know, when you're shopping for a device,
do you really need X feature, right?
Like checking to see if your robot vacuum has lidar,
for example, which is what cars use,
rather than a camera on it.
A security camera.
Should you buy one with a privacy shutter
so that you don't have to keep unplugging it every time?
Look at all the features that the product provides.
If there's a genuine need for something,
like that Wi-Fi connectivity, which it enables,
then is there a way to at least mitigate
that type of risk by opting for technology
that is a little more privacy friendly?
[calm music]
Here are six things you can do right now
to make your home more safe if you use smart devices.
First, use a strong password
and definitely make sure you're not using
the default password that comes with your device.
Make sure you turn on two-factor
or multi-factor authentication whenever available.
Always make sure your software is up to date
on both your companion apps and on the devices themselves.
Make sure you router's secure.
That means changing the password, changing the network name,
and upgrading the connection to be encrypted if possible.
Do your research.
Make sure you're getting them from a reputable company
that has a good track record with handling your data
and dealing with data breaches.
Set up separate Wi-Fi networks.
That way, your laptop and other sensitive devices
are not connected to the same network
as all your smart devices.
This was Incognito Mode.
Until next time.
[calm humming music]
How Teslas Record Your Every Movement—And How To Avoid It
How Scammers Actually Work—And How To Avoid Them
How Governments Spy On Protestors—And How To Avoid It
How Smart Devices Spy On Your Home—And How To Avoid It
Every Cyber Attack Facing America
The Untold Story of Magic Leap, the World's Most Secretive Startup
AR, VR, MR: Making Sense of Magic Leap and the Future of Reality
How Ad Astra Created the Moon
How This Guy Invents Crazy Skateboards For Custom Tricks
Why Vintage Tech Is So Valuable To Collectors
