Europe requires new safety standards from August 1
It is no simple blender. The Thermomix TM5 from Vorwerk (700 to 800 euros refurbished) can also knead, whisk, grind, mince or even steam. Looking for a meal idea? Search for recipes in the app and they appear on the integrated screen of the famous kitchen robot. Smart cooking puts itself at your service. The magic of connected objects, or witchcraft? Suddenly, the device starts to work on its own, the temperature rises and falls as it pleases, and a message is displayed on the screen: “Synacktiv”.
Hackers have taken control of the Thermomix! The experiment is spectacular but without consequence. It is the work of the offensive cybersecurity company Synacktiv, which intends to raise awareness of the flaws in our connected objects. The ethical hackers had to dismantle the machine to install their malware. The approach raises questions: do we place blind trust in our connected objects? And have we really grasped what they know about us?
Passwords and updates
“As soon as you have this type of device, you open access, for the company, to part of your privacy,” says Thibaut Henin, a legal expert in computer science. Fortunately, consumers do have room for maneuver, provided they know where the risks lie. “The level of security of the objects that we buy is very disparate depending on the manufacturer and the seller,” warns Florent Della Valle, head of technological expertise at the National Commission for Data Protection (CNIL).
Telephones, computers and connected watches are among the most secure objects. On the other hand, vigilance is needed with small household and kitchen appliances, connected scales, indoor cameras, thermostats, baby monitors, connected toys… “There are flaws everywhere,” notes Thibaut Henin. “The economics are such that the first to release the product wins the market. You always have to go faster. However, repairing these flaws comes at a cost for the company. Not all manufacturers are ready to pay it.”
A European directive will, however, force them to bring their radio devices (those that emit or receive radio frequencies: Wi-Fi, remote controls, etc.) up to safety standards from August 1. The requirement will be extended to all digital objects by 2027 under the Cyber Resilience Act. However, this significant regulatory strengthening does not remove the need for everyone to protect themselves at their own level.
Cybersecurity experts insist on the importance of good digital hygiene. Preventing intrusions starts with strengthening your basic defenses: choose strong passwords (a sentence, for example), use a different one for each account, use a manager to remember them, do not click on suspicious links, and systematically update connected objects such as phones and computers… simple but crucial habits.
There remains the question of trust: do these devices listen to us without our knowledge? Can we prevent our data from being collected, cross-referenced and sold? As for voice assistants, it is only once they hear “Ok Google”, “Alexa” or “Siri” that they switch to active mode to process our requests.
“If they listened to us and understood us permanently, they would no longer have a battery,” points out Marie Pandavoine, who holds a doctorate in cryptography and founded the start-up Skyld. And only employees can have access to this data, which must remain confidential. “The publisher has little interest in listening to your conversations or watching your films. What interests him is to monetize the mass,” adds Corinne Henin, cybersecurity expert. Listening is a means; the resale of data is an end.
Limit profiling
Why, then, do we receive targeted advertisements just after a conversation? Profiling is less about listening than about cross-referencing data. Imagine two friends in the same room discussing a future trip to Greenland. The two phones are located in the same place. Perhaps they are connected to the same Wi-Fi network? The two people are also friends on their social networks (Facebook, LinkedIn, Instagram, etc.). One of the two did research on Greenland. The other had never been interested in it but searched a lot on the internet about hiking, polar jackets and native cultures.
While it is difficult to escape targeted advertising completely, it is possible to limit this profiling: by systematically refusing cookies on arriving at a site, by configuring connected devices to allow only strictly necessary data sharing… or by wondering, before buying a smart object: do I really need it?
5629
This is the number of personal data breaches reported to the CNIL in 2024, 20% more than in 2023.
Source: National Commission for Data Protection.
