Full Report
UK consumer group Which? finds some everyday items including watches and speakers are ‘stuffed with trackers’Air fryers that gather your personal data and audio speakers “stuffed with trackers” are among examples of smart devices engaged in “excessive” surveillance, according to the consumer group Which?The organisation tested three air fryers, increasingly a staple of British kitchens, each of which requested permission to record audio on the user’s phone through a connected app. Continue reading...
Analysis Summary
# Main Topic
Smart consumer devices, including air fryers, watches, and audio speakers, are engaging in "excessive" surveillance by collecting significant amounts of user data, as highlighted by findings from the UK consumer group Which?.
## Key Points
- Specific devices like **air fryers** were found to be gathering personal data via connected applications.
- **Audio recording capability** was identified, with air fryer companion apps requesting permission to record audio on the user's phone.
- Other common smart items, such as **watches and speakers**, were described as being "stuffed with trackers."
- The investigation points to widespread and potentially intrusive data collection practices across everyday smart home technology.
## Threat Actors
- No specific malicious threat actors (e.g., APT groups) are mentioned.
- The primary entities implicated are the **manufacturers/developers** of the smart devices and their associated applications responsible for the data collection practices.
## TTPs
- **Excessive Data Collection:** Devices and apps are collecting data beyond what is necessary for core functionality (e.g., requesting audio permissions on an air fryer app).
- **Tracking:** Implied use of various tracking technologies embedded within the hardware or software of the consumer electronics.
- **App-Based Permission Abuse:** Utilizing connected smartphone apps to solicit intrusive permissions, such as broad audio recording access.
## Affected Systems
- Consumer electronics marketed as "smart devices."
- Specific examples identified include:
- **Air fryers** (at least three models tested).
- **Watches** (implied smart/wearable devices).
- **Audio Speakers** (smart speakers).
- Affected users are primarily **UK consumers** utilizing these modern connected kitchen and household items.
## Mitigations
- **Review App Permissions:** Users should manually check the permissions granted to companion apps for smart devices (air fryers, speakers, etc.) on their smartphones.
- **Limit Audio Access:** Users should deny unnecessary audio recording permissions to non-communication applications.
- **Device Scrutiny:** Consumers are advised to exercise caution and research the data handling practices of smart device manufacturers before purchasing, in line with consumer group investigations.
## Conclusion
The findings indicate a significant consumer privacy risk stemming from the pervasive and excessive data collection inherent in many popular smart consumer devices. The practice of embedding numerous trackers and soliciting broad permissions (like audio recording) for seemingly simple appliances treats users as a data source. Consumers must actively manage app permissions and scrutinize the privacy policies of connected hardware manufacturers.