Blaze News investigates: Household items that you didn’t know have been monitoring you for more than a decade
Unsuspecting household devices are capable of surveillance and data collection in some incredibly detailed ways.
Most tech users and phone owners know their phone is listening. They likely also know their data is being consumed by social media platforms and apps at an alarming rate. Many are okay with this fact based on the idea that it is most predominantly used for consumer marketing.
Sometimes, though, lawsuits are inevitable. Like Facebook’s $725 million scandal where the data of approximately 87 million Americans was allegedly misused and shared with Cambridge Analytica.
In order for those lawsuits to come to fruition, however, people need to be aware their data and information is being taken. Unfortunately, clicking “agree” on that user license means blowing past some of the most disturbing facts.
Much of this information began surfacing in 2013-2014, when internet-connected TVs were first hitting the market, and it was around that time that journalists and tech gurus started pointing out the obvious: Your TVs could be collecting data. Much of this was brushed off until years later in 2017 when WikiLeaks revealed a packet of information called Vault 7.
‘The functionality of the device is held hostage to your agreeing to the privacy contract.’
Smart TVs
Documents revealed at the time that not only were backdoors into Apple and Android phones purposely kept open to be used by the CIA and NSA but that smart TVs could be hacked and have a program installed that would provide a “Fake-Off Mode.“
Particularly with a Samsung Smart TV, the program could be initiated by pressing the following combination while the TV was powered off: “Mute, 182, power.”
This would leave the screen off to make it appear as if the TV was still powered down. Meanwhile, the TV set was secretly recording audio of the unsuspecting user. That audio was transferred through the internet to CIA computers once the TV was switched back on, and the Wi-Fi would go back to serving its primary purpose for the television owner.
It was also suggested that the TVs may be able to record short videos if they had a camera.
Despite the CIA exploits becoming revealed, the BBC’s tech reporter Mark Ward said at the time that the intelligence agency would undoubtedly “have other unused attack tools stored and ready to deploy.”
Tech researcher Josh Centers told Blaze News that smart TVs are “the worst perpetrators” of data collection.
“Ever wonder how TVs keep getting cheaper in the face of inflation? It’s because manufacturers sell the TVs at cost or even a loss to slip these spies into your home. Be equally suspicious of any other internet-connected gadget that seems too good to be true.”
“I’ve caught smart TVs that phone home as much as once per minute,” Centers continued. “I recommend not connecting smart TVs to the internet at all. Instead, use a device like the Apple TV for your streaming needs. It’s slightly less convenient but better for your privacy and your home internet speed.”
Centers also recommended using internet routers or software that tracks your outbound data, categorized by device, and lets you see exactly how many connections your gadgets have in terms of data collection.
Home security cameras
It didn’t take long for smart home security cameras, cell phones, and tablets to face exploitation. It was only 2015 when home security experts started revealing to the public exactly how easy it was to take control of a consumer’s security system.
This manifested through open Wi-Fi networks, simple passwords, and old phone software. Hackers could gain access to a home network by simply running a program that would allow them to bust into a phone or tablet, gaining a live feed of the back or front-facing camera.
Furthermore, if a home security camera feed was insecure and running the default, out-of-the-package configuration, a hacker could use a simple program to guess the password in less than a minute.
“We’ve done a lot of research looking for these devices online. I found 540,000 of them running a default configuration,” researcher James Lyne said in 2015.
Harvard professor Shoshana Zuboff explained in a 2019 documentary that Google’s home security system Nest has been busy at work extracting behavioral data and information from consumers.
“When you buy the security system and it has the piece of paper that you unfold and the schematic, or you go online to learn about it and there’s a schematic, it does not show a microphone. Now, why would you have a microphone there? Well, remember what is our business?” she asked.
Voices, conversations, what is being watched on television, what music is being listened to, and even who is coming in and out of the owner’s house, all is being recorded.
“Whether or not you’re shouting at each other over the breakfast table, all of this has tremendous predictive value,” Zuboff said. That information is being sold to other parties and sold again, with no telling what it’s being used for.
Smart thermostats
Another intrusion method for hackers and overall data spies is through the advent of internet-connected thermostats.
This goes beyond a 2022 instance when 22,000 smart thermostat users lost control of their energy system during an “energy emergency.”
Those homeowners knew — it is assumed — that this was a possibility when they enrolled in the program with their energy company in order to get a $100 credit at sign-up.
That connection to the online world is what acted as an entry point for hackers to exploit Target in 2013, gaining access to 40 million customers’ debit and credit cards. By 2016, smart thermostats were being hacked, locked, and held for ransom.
Imagine receiving a note on your thermostat to send $1,000 or face an unbearable 100-degree household in the middle of summer.
Can this type of intrusion still happen? As exploits are constantly updated, so too is the security and functionality of said thermostat. If a user decides it no longer wants to keep sharing its data with the manufacturer, then the security updates may stop coming, as well.
This leaves the consumer in quite the conundrum; let your data be exploited in a controlled manner, become vulnerable to a household hack, or pay for an entirely new HVAC system.
“If you don’t want us to take your data and you don’t want us to send it on to third parties that’s ok,” the aforementioned Zuboff detailed.
“[Just] be aware that without your data we will stop supporting the functionality of your thermostat. We will stop upgrading the software, be aware that the smoke detector may no longer work. Be aware that the pipes in your home may freeze. So now the functionality of the device is held hostage to your agreeing to the privacy contract.”
‘When parents asked Amazon to delete their kids’ Alexa voice data, the company did not delete all of it.’
Xbox Kinect
One of the scariest monitoring capabilities dates back to 2010 with the video peripheral Xbox Kinect, which was eventually discontinued in 2017 and generally stopped being used for games around 2022.
This seemingly primitive technology would make way to the PlayStation Move and VR systems and Window’s Mixed Reality technology. Going back in time to see what the original tech was capable of is certainly eye opening, however. Coming off a predecessor that wasn’t much more than a web camera with a microphone (Xbox Live Vision), the Kinect system provided a significant step forward that made 3D mapping and infrared scanning a reality.
The truth of what the Kinect was really capable of was revealed by the simple trick of taking one of the camera filters off. Showcased in many home videos, removing the infrared filter showed the series of dots on the infrared laser grid that the Kinect was creating to determine the depth and size of everything in its view. That being every item in the user’s living room.
Watching a child play a game with this filter off was even more troubling.
Those capabilities meant that the Kinect could be adapted to provide simple 3D scanning for art and, perhaps more intrusively, the Kinect could be turned into an infrared camera.
Ring doorbell cameras
From troubling to downright disturbing, Amazon and its Ring doorbell camera company has been accused of some sinister acts.
In 2023, Amazon agreed to pay $25 million in a civil penalty, along with another $5.8 million for allegedly breaching customer privacy.
The giant corporation was accused by the FTC of “misleading parents” and keeping the recordings of children indefinitely, even though parents had requested the deletion of the data.
Why was Amazon keeping recordings of children’s voices? They said it was to refine its voice recognition algorithm, which powers the Alexa voice assistant software.
The FTC also said that in addition to Amazon holding on to the child-voice data, its subsidiary Ring company allowed consumers’ private videos to be accessed by employees and contractors. This allegedly enabled hackers to take control of some user accounts.
“Amazon’s history of misleading parents, keeping children’s recordings indefinitely, and flouting parents’ deletion requests violated COPPA (the Child Online Privacy Protection Act) and sacrificed privacy for profits,” said FTC consumer protection chief Samuel Levine.
“When parents asked Amazon to delete their kids’ Alexa voice data, the company did not delete all of it,” added FTC Commissioner Alvaro Bedoya.
It should go without saying that outsourcing your home doorbell video to a third party opens up a world of frightening opportunities.
Hacking your health
Taking the term “honorable mention” in a dark direction, it’s been at least 12 years since it was revealed that pacemakers and insulin pumps were vulnerable to hacks and assassinations.
In 2011, it became known that a hacker could gain access to a diabetic from 300 feet away and order a fatal dose of insulin. In 2012, a man named Barnaby Jack announced he could hack pacemakers and implanted defibrillators to kill a person.
“These are computers that are just as exploitable as your PC or Mac, but they’re not looked at as often,” Jack said at the time. “When you actually look at these devices, the security vulnerabilities are quite shocking.”
By 2016, the possible distance for an insulin hack was reportedly increased to over 2,500 feet.
Showing the often massive lag behind what is publicly and privately known, the FDA finally admitted in 2017 that St. Jude’s cardiac devices could be hacked. This came after St. Jude’s initially denied the claim in 2016, a full five years after the information was generally known.
Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!