What it does. Modern multitasking parents can check in on their infants via smartphone using fully networked, motion-sensing, HD video-streaming systems with built-in speakers that let them talk to their baby while loading up the washing machine.
That type of right-there access is comforting for a parent, but it’s positively sickening if a hacker is also tuning in. The threat isn’t theoretical. In January, it was reported that a nanny in Houston heard an unfamiliar voice coming from a two-way baby monitor made by Foscam. According to reports, the voice said, “That’s a really poopy diaper,” then warned her to password-protect the camera.
In 2013 and 2014, the British press reported that sadistic hackers took over monitors to scream at sleeping children, and last fall officials in the U.K. warned that live feeds from baby monitors and home security cameras around the world were accessible to the public on the Internet. When Consumer Reports checked recently, we found a site that was still hosting security-camera feeds, including some that appeared to be from people’s homes.
What you need to know. An unprotected camera is worse than no camera at all. Internet-connected baby monitors and home security cameras use your home Wi-Fi network, and certain models can communicate directly with a phone using Bluetooth when you’re home. Parents need strong passwords on their home network and on the baby monitor itself to keep the feeds secure.
What it does. Blood glucose test results help diabetics manage and treat their condition. Connected meters, such as the OneTouch Verio Sync, send test results to a smartphone app and can even pass the data along to your doctor. The meter can store hundreds of results gathered over time.
What you need to know. When you use one of these devices at a hospital or doctor’s office, the medical information it produces is protected by the Health Insurance Portability and Accountability Act, the law governing the privacy of medical records. But HIPAA doesn’t protect your data when you use the devices on your own outside a medical setting. That leaves the burden on consumers to learn how their data is being protected and how it is shared. OneTouch says it encrypts personally identifiable data and health data it transmits from the device. But not all health apps do. In a 2013 Privacy Rights Clearinghouse report analyzing 43 health and fitness apps, researchers found that very few encrypted their data.
Use our guide to digital security to stay safe online.
What it does. Connected thermostats are like ordinary programmable thermostats on steroids. They may sense when people are home, learn a family’s preferred temperature settings, and allow users to make adjustments remotely using a smartphone. Features vary: The Honeywell Lyric employs geofencing—it tracks whether homeowners’ phones are nearby—and the Nest programs itself by observing when users are home or away. Nest, which is owned by Google, is courting connected-home partners including LG refrigerators, lock companies, and Dropcam security cameras (also owned by Google).
What you need to know. In order to work, some smart thermostats need to track when you are home. If that unnerves you, you’re not going to want one of those products.
What it does. Ah, the elixir of wakefulness! Anything that makes coffee faster and easier is welcome in many households. The Mr. Coffee Smart Optimal Brew Wi-Fi-connected coffeemaker is one of several appliances that works on Belkin’s WeMo platform. It can tell you when your coffee is ready, remind you to set up the machine in the evening, and let you change the brewing delay remotely.
What you need to know. When you interface with your coffee machine via an app, your brewing habits can become the property of the coffeemaker company and the app developer. It may not seem like the most compromising information, but it’s a pretty good indicator of when you’re home, when you wake up, and just how on edge you might be. Plus, in our experience with Mr. Coffee’s Wi-Fi model, if you turn off the network connection, you won’t be able to program the machine.
What it does. In a fitness-obssessed society like ours, it’s tempting to want to calculate every move you make. Activity trackers can record the miles you’ve walked, how far you’ve swum, how well you slept, and how quickly your heart has been beating. Some will map out your run using GPS capabilities.
What you need to know. Data transmitted from a tracker to its smartphone app may be sent unencrypted. The information includes the user’s name, address, password, and, potentially, GPS data. A burglar—or stalker—armed with that data could surmise that you go out for a run through a nearby park every day at 6 a.m. Activity trackers are used in many corporate wellness programs; some advocates and researchers worry that such initiatives could lead to intrusive monitoring of employee habits in the future.
What it does. Want to let the plumber in while you’re away? Leaving a key under the mat is the classic workaround—and it’s a bad one. New connected locks allow the user to provide one-time, short-term, or scheduled access to a home. Certain locks even allow the user to unlock the door remotely through a home Wi-Fi network. Connected locks work with the user’s own smartphone—so you have fewer items to carry, fumble with, and potentially misplace.
What you need to know. Security researchers have successfully hacked into connected household locks. Certain locks can be linked with home-automation ecosystems, such as Works with Nest and Apple’s upcoming HomeKit. The downside to connected-home ecosystems is that they consolidate a lot of your home’s data on a single corporation’s servers. But those companies are requiring partners to include security and privacy protections.
This article also appeared in the June 2015 issue of Consumer Reports magazine.
Consumer Reports has no relationship with any advertisers on this website. Copyright © 2006-2015 Consumers Union of U.S.