Nest Protect: A Sophisticated Spying Device For The Internet of Things?
The issues of security and privacy should always be on our minds, but ever since the revelation of NSA spying played out this past summer, those issues have been forced to the forefront - impossible to avoid. In reality, that's a great thing... we should be concerned about our privacy and definitely about our security. No one likes being spied on, after all. Most people would never be comfortable with this reality, especially if it's the government behind it.
Not long after Google announced its Glass project - wearable glasses that are in effect a computer - concerns began to grow about their effect on privacy. With the ability to record video, the risks are obvious. It's been argued that people can record just as easy with a smartphone, but I think there's a major difference between holding a phone up in the air and simply walking around with a discrete pair of glasses.
These particular risks are so real that even entire countries have stepped-up and prodded Google for further information. And who can forget the Seattle dive bar that pre-banned Glass from being worn well before its release? It should also come as no surprise that when Google denied people attending its conferences and board meetings from wearing Glass, it's a far from perfect solution where security and privacy are concerned.
Eventually, Google catered to the concerns by making it so Glass will illuminate while recording and also require voice to begin recording. These might not be the most effective requirements out there, but at least with these changes they will allow those who want to make legitimate use of their Glass' camera to do so, while others will have some sort of knowledge that they may end up on their recording.
Of course, Google is far from being the only company to work on a product that has a massive privacy hole in it. Late last year, we learned of a Verizon patent that would allow its set-top boxes to actually listen in on your conversations, while also being able to scan the room to get a gauge of who's present. Technology like this can certainly have a legitimate use, but for use right in the home, and with the target of advertising? That's all sorts of sketchy.
Fast-forward to this week, where Nest - makers of one of the coolest thermostats ever - announced a new take on the old smoke / carbon monoxide detector. Simply called Nest Detector, the product's tagline is, "Safety shouldn't be annoying". It's hard to disagree there; no one likes to have their stress-level increase just because toast is burning.
Protect's key features: In lieu of a stark noise to warn you of a fire, the detector first talks to you - useful if this does just happen to be a burnt toast scenario. In this event, you can go underneath the Protector unit, wave your hand, and effectively tell it that you have things under control.
It wouldn't be a modern product without a mobile app, so indeed, it has one. If the alarm goes off, you'll be sent a message to tell you of it - seriously important if you don't happen to be at home, and especially useful for something like carbon monoxide presence which you wouldn't notice without a monitor. So yes - Protector doesn't just have a motion sensor (among others), it also has Wi-Fi. See where the security concerns begin to take shap here?
Theoretically, anything that's connected to the Internet has the potential of being "hacked" or accessed by an outside source. We just saw an example of this months ago with TRENDnet's IP cameras. It was discovered that those could be accessed with almost no effort at all, an issue that the FTC actually went out of its way to warn people about. Eventually, TRENDnet was even fined for the appalling lack of security measures that went into these products.
With issues like these creeping up a little more than is comfortable, it seems like it'd be a good idea for companies like Nest to outline what it's done to tackle these security concerns. While no company could ever claim their product to be "breach-proof", they could at least list the ways in which they tried to make it so. Is Nest Protector easily accessed by the outside world? We don't know, because the company hasn't told us.
Protector doesn't have a true camera, just sensors. It has no mic, so it can't be yelled at to shut it off; instead, it requires actual movement. So where could the security or privacy concern be with such a device? Admittedly, the risk seems minimal at this point, but that means little. Imagine someone being able to tap into such a device to figure out if someone's at home - I hate to jump to an almost ridiculous scenario, but the potential risks are clear.
Companies that offer products which connect to the Internet should make these potential risks known to their customers, or at least, as mentioned before, explain the ways in which they have strengthened the security of said product(s). If TRENDnet had done the same, the glaring fault in its IP cameras might have been detected long before some people fell victim to mischievous Internet lurkers.