THE INFORMATION Commissioner’s Office (ICO) has issued a warning over the risks posed by smart devices harvesting personal data. The ICO has also signposted a crackdown on connected devices by unveiling plans for new rules and action to be taken against manufacturers who fail in their data security obligations.
The warning comes in response to a new report issued by Which? that includes the findings of a detailed audit of connected devices, in turn revealing that almost all required location data, despite this information not being key to a given product’s functionality. The report reveals that some brands of speakers automatically share customer data with TikTok and Meta, for example, to smart TVs that insist on knowing viewing habits.
The Which? report states: “Based on our testing, Chinese brand Ezviz’s devices, sold by major High Street retailers including Argos, had by far the most tracking firms active. These included Pangle (ie TikTok’s business marketing unit) and Huawei, as well as Google and Meta.”
Every single brand assessed by Which? used tracking services from Google, while Blink and Ring also connected to parent company Amazon. Google’s Nest product demands the user’s full name, e-mail, date of birth and gender.
Andy Ward, vice-president at Absolute Software, observed: “Connected devices are the lifeblood of a modern workplace, but are also something of a minefield when it comes to data security. The ability for malicious third parties to listen in with the intention of stealing passwords and confidential information means that organisations should think first before implementing new devices that could present a major security risk.”
Ward added: “Key to this effort must be ensuring rigorous and regular cyber defences are in place, along with the ability to track, locate and ‘freeze’ devices in the event of loss or theft.”
Stephen Almond, executive director of regulatory risk at the ICO, noted: “People should be able to enjoy the benefits of using their connected devices without having excessive amounts of their personal data gathered. This simply isn’t a price we expect to pay. To maintain trust in these products, companies must be transparent about the data they collect and how they use it and ensure that the data is not used or shared in ways that people would not expect.”
Wake up to the risks
Cyber expert Oseloka Obiora, CTO at RiverSafe, informed Security Matters: “It’s time to wake up and smell the coffee around the risks posed by smart devices, which bring with them both a data privacy and cyber risk. The rise of smart offices can create an exciting work environment, but also opens up myriad security challenges, from eavesdropping in the Boardroom through to offering a backdoor into the business for hackers to exploit. New devices should be approached with a level of caution, with data policies checked and confidential information properly protected at all times.”
Obiora concluded: “The most effective defence against identity theft is personnel awareness. Strong and consistent cyber awareness programmes are crucial for minimising opportunistic data privacy compromises.”
64 High Street, RH19 3DE
04478 18 574309