When a smart speaker aggregates customer data, or a car dashboard highlights the nearest McDonalds, the marketer and the consumer assume the devices can be trusted.
But recent research by Israeli security firm vpnMentor raises red flags about whether the Internet of Things could turn into the Internet of Spying Things.
What vulnerabilities were discovered? The company recently announced the results of work by a group of “ethical hackers” it employed in March and April of this year.
In one project, the group was able to connect an SD card reader to a first generation Amazon Echo and install malware that could listen in to the owners’ daily life or interfere with the Echo’s control of other household devices like smart locks or appliances.
The use case for this Manchurian Candidate-like Echo envisions that the hacked speaker was purchased as a used smart speaker on the open market.
Peter Campbell, CEO of vpnMentor’s PR firm, Kaizensearch, said that Amazon corrected the speaker’s vulnerability in the second generation Echo — but there is no Amazon program to certify any used smart speaker. If some enterprising hacker is able to crack future generations of Echos and they are bought on the used device market, the same infiltration can occur.
He added that Amazon does recommend the owner of a used smart speaker update the firmware, but that assumes the owner knows what to do.
What else did they hack? In another example, the first generation of the Ring smart doorbell was also hacked by vpnMentor. But, Campbell pointed out, that brand doesn’t list the product by generation, so any buyer of a used Ring doorbell is on their own.
vpnMentor was also able to remotely control the Samsung Smart Camera, which is also not listed by generation, and it was able to compromise the security for the August Smart Lock, the Kwikset Kivo Smart Lock and the TP-Link Smart Plug.
“A lot of people are buying smart devices second hand,” Campbell said, “and failing to reset the firmware.”
Why does this matter to marketers? Imagine that, as in the novel 1984, every TV was watching you as you watched it. In that environment, how much would consumers trust the advertising they see there?
Telephones have already started veering into becoming tainted devices. A phone call from an unknown party is viewed as suspicious by most people because of the large number of spam calls, and the same could happen if consumers begin to suspect that, say, their smart speakers are tracking them.
Marketers may well realize that brand safety is not just about whether the page or program where the brand’s ad is shown features controversial text or imagery. Safe brand neighborhoods can also include the trust afforded to a given device, so marketers would best target their messages toward the devices that maintain that trust.