Security For Google’s New Home Assistant May Get Lost On The IoT

Wayne Rash,

GOOGLE I/O 2016 ANALYSIS: Nobody knows what security is planned for Google Home smart assistant, but buyers need to think about security no matter Google provides

Data protection

“Google is able to combine data in ways that Amazon can’t,” said Dimitri Sirota, founder and CEO of BigID, a company that focuses on privacy and security. “Google has visibility into your day to day activities.”

Sirota said that with products such as Nest, and with access to a vast array of information through their mobile devices and new automotive products, Google already knows what you buy, where you go, and when you’re home. He wonders if a device such as Google Home might provide access to all of this information.

android Fake ID flaw BlueboxMaking matters worse, Sirota pointed out that the regulation of IoT devices when it comes to privacy protection is unclear. While the EU has the General Data Protection Regulation (GDPR) the U.S. doesn’t have an equivalent regulation so there is less privacy protection.

On top of that, data about nearly everyone is being collected by new sensors and is coming from new sources. Now, it’s possible to know not only whether you’re home or at your office, but what room you current occupy, perhaps what you’re having for dinner, when you’re planning to go out for the evening and where you’re planning to go.

Google I/O 2016: Google Duo and Allo Smart Messaging / Android N For Businesses  / Android Wear 2.0 Adds Standalone Apps Daydream VR Platform / Try our Android Quiz!

Internet Of Threats

Because Google knows so much about you they’re acting like your mother by anticipating what you want,” Sirota said. He pointed out that most people affected by Google’s plans are adults who may not want their virtual mother looking over their shoulders. “All of a sudden, those interfaces are all around us.”

The chances are actually pretty good that Google will embed some actual security into their Home device when it ships later this year, but then the next question becomes how well it can protect data on an insecure network. Will the data stream be well enough protected that even if hackers get into the network, the data will be useless? And if the data is breached, just how much other data will be suddenly available to those same hackers?

Perhaps the Google Home device will be able to determine whether it’s on a properly-secured network, and refuse to handle sensitive data if it’s not. But considering the sad record of previous IoT devices, I wouldn’t bet a lot on that eventuality.

But what’s worse is the rest of the vast network of Things on the IoT that aren’t secure, can’t be made secure and can’t even be updated so they can be made secure. Adding to that dismal outlook are all of those devices where security is possible, but is never actually done.

To say that this growth to the IoT is going to make the world a more interesting place is an understatement; it will also make the world a much more frightening place.

Quiz: What do you know about Android?

Originally published on eWeek

Does it matter to your business whether your data is stored in the EU?

View Results

Loading ... Loading ...