Devices that are particularly suitable or even intended for inadvertent recording are also very dangerous. It is also not allowed to use it if the device can be accessed remotely, for example, through an application, to spy on or observe someone unnoticed.
Examples of prohibited devices include smart watches with listening capabilities. Consumers should be skeptical if these are offered with features like “voice surveillance”, “baby monitor” or “one-way talk” that go beyond a normal phone function.
This is because the microphone or camera on the smartwatch They can be remotely activated by means of an application or a text command by SMS without the watch wearer or third parties nearby being able to perceive it.
Robot vacuum cleaners with a camera and / or microphone can also represent a danger if they are able to secretly transmit images or audio wirelessly to the owner’s mobile. The deciding factor in this case is whether there are acoustic or visual cues that make a recording recognizable to third parties.
Toys can also be affected: dolls, robots or remote-controlled cars that are controlled via an app and equipped with possibly hidden cameras or microphones also often fall into the prohibited category. In particular, the German agency warns of those toys that connect to the Internet.
Especially suspicious are those products that look like everyday objects and can inadvertently record and transmit images and sounds. According to the German regulatory agency, scent dispensers and tissue boxes have recently drawn attention in this category.
Also very doubtful is the use of so-called trackers, which detect a location by satellite (GPS) or mobile phone (GSM) to monitor cars, bicycles, animals or other objects. These are often no bigger than a matchbox. In some countries, these trackers are prohibited if they can be activated, unnoticed, through an app or SMS text command.
Gartner, an information technology research and consulting company predicts that more than 20 billion devices are currently connected. From physical activity monitors to thermostats, locks and smart appliances, to give a few examples.
It explains that large amounts of personal and sensitive information are collected that can be shared and traded on the open market. This has led to the absence of the implementation of security standards and responsible privacy practices being considered and a regulation is sought.
But in reality legislation alone will not be efficient in all countries. Passing regulations would take too long and you can never keep up with the ever-evolving risk landscape. This has led to more than 100 industry stakeholders and consumer advocates creating the Online Trust Alliance (OTA), an initiative of the Internet Society.
The purpose is that all those involved, both the creators, companies, intermediaries and the consumer himself are put on alert to raise the security levels of the connected devices.
At this point some principles have been created to reduce risks and increase confidence. This is focused on creating a security sequence from the creation of each of the devices.
To do this, a list of options to evaluate has been created as shown in the box, which involves issues such as authentication, updates and other parameters that could help the population feel more secure.
Before buying technology
Thus, these would be some minimum security elements that each device would have to offer users, according to the Online Trust Alliance (OTA). With these requirements, the security of personal data could be increased.
· Authentication. Devices would have to request authentication to prevent malicious access.
· Encryption. Encrypting data prevents eavesdropping on sensitive data.
· Security. Security must be incorporated into all areas, devices, applications and services, whether offered directly or through third parties. They should be tested regularly.
· Updates. A secure device should provide updates safely and with minimal intervention or impact on the user.
· Privacy. Look for policies related to privacy.
· Disclosures. Privacy disclosures should be easy to find to make informed decisions.
· Control. Consumers should have choice and control over the reconnected data on the service device and the ability to transfer or delete the data in the event of loss or sale.
· Communications. Communications with the consumer after purchase must be established to proactively ensure using best practices to limit social engineering attacks.