The growing trend of smart homes has entailed many internet-enabled consumer products coming into the market. The theme of the World Consumer Rights Day’s (March 15) this year is “Trusted Smart Products” for reminding consumers to exercise due caution in the use of smart devices to prevent leakage of privacy and personal information. Consumers should actively ensure good security measures for their devices, including the use of strong and unique passwords for each device, adjusting device settings for maximum security and privacy protection, and turning off such features as camera or microphone when they are not actively in use.
The Consumer Council notes that with technological development, many home appliances such as air-conditioners, refrigerators, washing machines, light bulbs, rice cookers and vacuum cleaners, already have internet connection function, and through information exchange on the internet amongst these devices form the Internet of Things (IoT), which can be further extended to other objects, such as doorbell, door lock and curtains, as well as other conventionally non-internet enabled objects, such as sports shoes that can collect exercise data, garments that can monitor physical conditions, children’s toys with artificial intelligence, and even rubbish bins that can detect the load level and send alerts, etc. They bring to consumers greater convenience by overcoming time and geographical barriers to effectively manage their daily routines.
The convenience of a smart home to the elderly and disabled with limited mobility is even more obvious. Once when functionalities like remote control and voice activation are built into home appliances, they can transmit health indices of an elderly, such as blood pressure and blood sugar readings to medical centres. In the event of accident to an elderly living alone, families or service organizations will be notified remotely, and emergency rescue will be summoned without delay.
Though the market is burgeoning with a wide range of smart home appliances, particularly through online shopping, consumers should be aware that some products may not be suitable for use in Hong Kong due to differences in voltage and specifications of plugs. Furthermore, product quality varies from one to another with some of them not reaching the international standards. When purchasing, consumers should carefully assess the potential risks involved, in particular, the serious leakage of privacy and personal data. Since all IoT devices are linked to the same network, once a device is hacked, the hackers could also access other devices in the same network.
In 2016, hackers with malicious software attacked a massive number of IoT devices, including online cameras and routers, and build a Zombie network through which they amassed control of a huge amount of smart gadgets compromised by computer virus. Consumers were not immediately aware of the incident as their devices operated normally as usual. Until October, hackers struck and threatened a US internet service company with their controlled devices to overwhelm the company servers with a flood of internet traffic which subsequently put the servers out of service. Several popular social media platforms including Twitter and Reddit were affected.
Another incident involved a model of smart watch designed with child protection in which hackers could easily gain access to the devices through the design loophole not only to collect the stored personal data on the watch but also to “hijack” the system control to enable hackers to issue malicious anonymous phone calls or obtain the user’s location that put the child safety in serious jeopardy.
In fact, the past few years have seen rising consumer awareness of privacy issues on the internet. According to a global survey last year, 52% of the respondents were more concerned with web privacy than a year ago – with 22% of high concern and 30% of general concern. In Hong Kong, which was included in the survey, 18% and 40% of respondents reported higher and high levels of privacy concern respectively, representing 58% of the total respondents. Hong Kong ranked 8th in the 25 territories in the survey, reflecting considerable awareness of internet security among the people in Hong Kong.
In a bid to help manufacturer create safe and trusted smart devices for consumers, the Consumers International has launched a new set of “Consumer IoT Trust by Design Guidelines”, which set out requirements across 6 key areas: security; privacy; transparency; supporting vulnerable consumers; customer support and complaint handling; and environment that are crucial in creating a trusted and safe IoT system for consumers. The guidelines provide also 6 checklists for manufacturers to follow and assess if they have attained the 6 principles.
To avoid leakage of privacy and personal data, consumers when purchasing and using smart devices should pay heed to the following:
- Before purchase, consumers should first understand the product design, including if consumers can change the passwords themselves and adjust the privacy settings, and if there are regular software updates to cover security loopholes;
- Find out if the product has been involved in any breach of security or privacy and if the manufacturer has been involved in any deception, theft or other illegal behaviors;
- Many smart devices come with preset passwords that are vulnerable to being exposed or hacked; consumers should set their own unique passwords for each device and never divulge the passwords to other people;
- Some smart devices have only minimal security protection, consumers should adjust the security and privacy to higher settings before using the devices. If the devices are attacked or compromised with malicious software, renew and reset the devices at regular intervals. If attack is suspected while the devices are in use, access the manufacturer website or contact service provider for help;
- Most manufacturers will provide security renewal software, users should regularly update the security of their devices. Activate the auto renewal function of the device if it is equipped with one;
- Many features on smart devices might monitor the users’ activities even when the users have never expected or wanted them to do so. Therefore, if it is not necessary, disable related functions, including cameras, microphones, or location tracking apps, and turn devices off if they are not in use. Consumers should regularly check condition of the IoT, and if anything unusual is detected, for instance, the transmission speed has slowed down or connection with unidentified devices, seek immediate help from internet security professionals;
- Consumers should think clearly if the product will bring significant benefits to your daily lives before purchase and should not be easily influenced by the trader to buy something that ends up in waste.
The Consumer Council reserves all its right (including copyright) in respect of CHOICE magazine and Online CHOICE.