When Private Data is in the Wrong Hands

A small Amazon Echo is on a bedside table. A girl is sitting in a chair next to the table, tying her shoelaces.

writer icon Paige Whitehead     Amazon   |   Tech     🕐 22. Aug. 2018

From tracking cookies to being aware of listening devices such as Amazon’s Echo, it is becoming increasingly difficult to keep tabs on our personal information.

Information at all costs
Corporations collect data for several reasons. Consumer data can help them improve their products both internally and externally. It can make products more customer friendly and improve the customer experience. The data can help predict what the future market wants by looking at user trends. It can also sell user information to data brokers, who generally use it for advertising.

With so many advantages, it is not surprising that companies want as much user data as they can get. In June 2018, the Norwegian Consumer Councils published an analysis on how companies subvert efforts for users to maintain their privacy. Giving the illusion of user control, companies make it simple for users’ privacy to be invaded, and difficult for it to be protected.

Companies use complicated systems and confusing language to manipulate users into choosing the easier option. The easier option usually gives companies more access to user data. The question is, are companies willing to protect the data which they fight so hard to collect?

History should not be repeated
In 2011, Sony experienced a massive outside hack of its PlayStation Network that left millions of user accounts exposed to theft. Many people had their bank information stored on their account in order to make quick purchases online.

The Sony hack was one of the largest in internet history. Sony waited a week before informing users that their private data had been breached, claiming it took them several days to grasp the scope of what happened. With the users uninformed as to why Sony’s PlayStation network was down, they were not able to act against the threat, such as by informing their bank or cancelling their account.

How much information could a hacker obtain from someone's listening device, if they had access to it for seven days? If the same sort of breach that Sony experienced were to happen to Amazon's Echo?

A demonstration of power
At a Defcon Conference in Las Vegas, Chinese researchers hacked into an Amazon Echo listening device. Using their own Echo, they silently hacked their way into another Echo and were able to listen to the conversations it recorded.

The method was complicated and required physically breaking into the Echo to hack it. Amazon was subsequently notified of the hack by the researchers and has already released a security update to counter it. That does not mean that the threat has disappeared. As technology improves, so do the skills of those who want to exploit it.

Potentially high risks

If hackers could silently exploit listening devices, they could gain access to much more than our conversations. Listening devices have the potential to record bank card numbers, personal identification numbers and much more private information.

A thief hacking into a device could collect enough data to commit identify fraud or empty a bank account. Governments could potentially spy on citizens through hacked listening devices.

Echoes are already making their way into university dorms and hotels, along with our homes. With the abundance of these listening devices, one must ask if the technology is truly secure enough to keep our data protected? So far, large companies have been vague about their privacy laws and ethics. Are they as ambiguous about protecting our data as they are about collecting it?

We believe that information should be free and will therefore never put up a paywall.

If you like reading our reports about the Scandinavian business scene and would like to donate towards the upkeep of the site, we would be very grateful. Click here to donate.

Most Popular Articles of October

Most Popular Articles of this Year