IoT devices at home: are they spying on you?

Are smart devices really watching us?

The IoT is a network of devices that connect to the Internet and can send and receive data. Each device works simply: it receives a signal, performs an action, and sends the information back to the server. But over time, these small signals add up to a fairly accurate picture of everyday life.

A common myth is that manufacturers deliberately eavesdrop on users or spy on them. In fact, most smart devices are not constantly active. For example, a smart speaker only turns on after a key phrase, and a camera only transmits video when specified in the settings.

The problem lies elsewhere. Data can end up in the wrong place not because of collusion between companies, but because of weak security. Standard passwords, lack of updates, unstable connections, or outdated equipment open the door to outside interference. This is less like espionage and more like a situation where the doors to an apartment are locked, but the key is under the doormat.

Which devices require the most attention

The most sensitive gadgets are those that have access to a camera or microphone. These are the ones that raise the most questions and fears. However, the risk often increases not because of the device itself, but because of how it is connected and configured.

This is especially true for cheap or little-known brands that rarely receive updates. Over time, such devices may remain «open» to vulnerabilities, even if they appear to be working properly on the outside.

Robot vacuum cleaners

To navigate indoors, modern vacuum cleaners sometimes use fairly advanced navigation systems: sensors, laser LIDAR scanners, and, in some models, built-in cameras. In most cases, these cameras are only needed for spatial orientation — they identify objects and obstacles so that the vacuum cleaner can better avoid them. However, when such images are stored in the cloud or transmitted to third-party servers for processing by artificial intelligence, this can be a cause for concern.

In other words, technically, the robot can create a map of your rooms and recognise objects on it. If the data processing system is not configured correctly, this can create risks of leakage or unauthorised access to this data.

In 2022, an article in MIT Technology Review entitled «A Roomba recorded a woman on the toilet» drew attention to the issue of privacy in smart devices. It discussed the leak of images taken by iRobot's Roomba j7 robot vacuum cleaner: in addition to intimate photos, images of the interior of the house, furniture and layout were made publicly available. Initially, this material was used by the start-up Scale AI to train artificial intelligence, and subsequently some of it was distributed online.

Although only a few images were made public, journalists discovered that there were more than 2 million images in total. It was after this incident that many users began to wonder what data robot vacuum cleaners collect and whether «smart» technology could actually pose a risk to privacy.

But even if the vacuum cleaner does not have a camera, it can collect other information: about user habits, data on the layout of the room, routes, operating time, etc. Such data, in particular, can be sent to the manufacturer to improve cleaning algorithms or device support.

Smart speakers

Smart speakers have become commonplace household assistants: they play music, control lighting, set reminders, and answer questions. For this to work, the device constantly «waits» for a key phrase, which means its microphone is always active. It is this operating principle that raises the most concerns about privacy.

Manufacturers assure us that the speaker does not record everything and is only activated after a command. However, in practice, false positives are possible. A telling case occurred in the United States with an Amazon Echo smart speaker: the device misrecognised fragments of a normal conversation, recorded it, and automatically sent the audio file to a person on the owner's contact list. The family only found out about this after receiving a message from an acquaintance who had heard their private conversation. Amazon confirmed the incident and explained it as a chain of voice errors.

This story shows that the risk lies not so much in deliberate espionage as in the peculiarities of voice assistants such as Amazon's Alexa or Apple's Siri. Short fragments of conversations may be stored to improve service quality, and users are not always aware of this. That is why it is important to check your settings, turn off voice history storage, regularly clear recordings, and restrict access to your account.

Home CCTV cameras

Many people install CCTV cameras at home to feel more secure and monitor the situation without leaving the room. The ability to see what is happening near the doors or in the yard at any time really adds to the feeling of security. At the same time, it is worth remembering that without proper protection, unauthorised persons can also gain access to such cameras.

A case in the United States, where a hacker broke into the Nest security system and had access to the home network for a long time, is illustrative: he communicated with a child through the camera, changed the climate settings in the house and watched the family until the hack was discovered. That is why experts advise using two-factor authentication so that every attempt to log into the system is confirmed by a message sent to your phone or email.

Smart TVs

Smart TVs have long ceased to be mere screens for watching terrestrial channels. They are constantly connected to the Internet, have their own apps, voice control and personalised content recommendations. To make all this work, the TV analyses what you watch, how often you turn on the device and what services you use. For most users, this seems like a small price to pay for convenience, but over time, such data forms a fairly accurate digital portrait of a family's habits.

And this is not just theory. Research by specialists at Northeastern University and Imperial College London has shown that some smart TVs, in particular models from Samsung, LG, Roku and Amazon Fire TV, transmitted data about the IP address, location and behaviour of users even when they were not using streaming applications. Some of this information was sent not only to manufacturers, but also to third-party companies and advertising services.

Special attention should be paid to televisions with built-in microphones or cameras. They are designed for video calls and voice control, but may be active by default. It is precisely because of the use of Automatic Content Recognition (ACR) technology that regulators in the United States have filed lawsuits against a number of manufacturers, accusing them of collecting viewing data without clearly informing users and obtaining their consent.

Ultimately, smart TVs are not a threat in themselves, but like any IoT device, they require attention. Checking privacy settings, turning off unnecessary tracking features, regular updates, and a secure internet connection help maintain a balance between comfort and security while watching.

How to reduce risks

When talking about the security of Internet of Things devices, it is important to remember that a stable connection, correct settings and responsible model selection are the three components of a secure «smart home» where comfort does not conflict with privacy.

If the connection is unstable, devices may malfunction, miss updates, or behave unpredictably, which increases privacy risks. That is why it is important for a modern home to have not only fast, but also stable and reliable Internet. A connection from Maxnet allows smart devices to work as they should: without glitches, freezes, or «strange» behaviour. When the network works reliably, the likelihood of security problems is reduced.

However, even the best internet connection cannot replace user attention. To minimise risks, follow these rules:

• Change default passwords immediately after connecting a device and use complex, unique combinations for each gadget.
• Enable two-factor authentication if available, especially for cameras, speakers, and smart home control via an app.
• Regularly update firmware and apps — updates often close discovered vulnerabilities.
• Check your privacy settings — turn off voice command history storage, unnecessary activity logs, and data transfer if you don't need them.
• Restrict access to the camera and microphone — turn them off when not in use or use physical covers.
• Separate your networks — if possible, connect IoT devices to a separate Wi-Fi network, not the one where your work or personal data is stored.
• Choose well-known manufacturers, who regularly release updates and are open about their data processing policies.
• Periodically check the list of connected devices on your router — this will help you spot suspicious activity.

When your equipment is set up correctly and your network is stable, modern technology remains on your side — comfortable, safe and under control.