Remote takeover and manipulation of gadgets by companies predicted to increase
Image credit: Reuters
Industry analysts say that companies are exerting greater remote control over consumers’ devices, changing how they work, removing or adding software and content and collecting personal data from users – often without the device owner’s express permission.
Last month, Samsung remotely disabled all the functionality on any remaining Galaxy Note 7 smartphones still being used, setting a new level of remote control by the issuing company over a user’s personal device. The Galaxy Note 7 was a high-profile disaster for Samsung, prone to battery fires and explosion.
"[The Samsung case] is exactly an example of how devices are no longer objects we own, but rather services we've subscribed to and which can be revoked at a moment's notice," said Stefano Zanero, an Italian computer security expert.
Samsung said it had retrieved 96 per cent of over three million Galaxy Note 7 handsets sold and activated. This left approximately 120,000 phones unaccounted for. These have now been completely disabled by an over-the-air software update and by telecom operators barring them from their networks.
"We assume the majority of unreturned devices are not actually used"
"We assume the majority of unreturned devices are not actually used," said a spokesperson for the South Korean firm.
Mahbubul Alam, chief technology officer at Movimento, a car tech firm now owned by Delphi Automotive, says manufacturers have moved on from just selling a device and hoping there's no recall to a world where they are in touch with users through internet-connected devices that they can "change, modify, adjust" as they see fit.
"With power comes responsibility," Alam said. "It's a new power that the device manufacturers and telcos have. How they exercise their responsibility is very important."
In 2016, HP Inc used a software update to prevent unofficial ink cartridges being used with some of its printers. After some users complained, HP offered an optional update.
In other cases, manufacturers use firmware updates to prevent people using their devices in ways not officially sanctioned. Apple continually updates the firmware on iPhones to keep ahead of users' attempts to “jailbreak” their devices in order to install non-approved apps and tweak functionality.
Bryan Hale of Resin.io, which distributes software updates to connected devices, says gadget makers increasingly realise that connected products are only as good as the software on them. That means they can't afford not to figure out how to update that software. Hacking attacks on appliances like CCTV and webcams highlight the pitfalls of not keeping devices updated.
Other companies are seeking to exploit their direct connection to a device as a marketing opportunity, using over-the-air updates to collect user information and push services and apps on to their devices.
In the United States, Chinese firm Shanghai ADUPS Technology faces two class-action suits after a security company found ADUPS Technology had installed software on thousands of mobile devices that collected data without users' permission. One suit alleges the software "could also remotely reprogram the devices and install applications on consumers' phones without their knowledge or consent."
Other companies recognise the advantages of retaining a degree of remote control. It can reduce the costs of service centres and staff, as devices can be updated automatically over the air, doing away with the need to direct consumers to a physical store. This approach is also transforming the automotive world, where nearly a third of car owners never respond to a product recall, says Alam. It can cost a car company a significant amount of money trying to reach out to every affected owner – money saved by pushing over-the-air updates. Tesla, for example, pushes updates and features to its cars wirelessly, removing the need for dealers.
European Union law, however, is set to introduce more stringent rules on privacy and data protection, beginning in 2018. Thus far, update tactics such as Tesla’s have existed in a legal grey area.
In the US, the scene is also changing. The US Federal Trade Commission reached a settlement with Vizio - a US-based appliance maker being acquired by Chinese conglomerate LeEco - over software that automatically collected data on the viewing habits of users from its smart TVs. Vizio has now agreed to make it clear to users what data it would like to collect and must first seek their approval.
As devices become increasingly pervasive in consumers’ lives, notably driven by the expansion of the Internet of Thingsm where more and more gadgets are permanently connected to the internet, further conflicts between ease of use and data privacy seems likely. Further regulation from governments in each global territory is likely.