If your IoT device secretly contained a microphone, which was previously undocumented, would you be happy when the device maker announced an over-the-air update that can enable the microphone for virtual assistant voice functionality? That’s what happened with the security alarm system Nest Secure.

@nest where in any of the nest guard product materials does it mention a microphone? Have I had a device with a hidden microphone in my house this entire time? — Me (@treaseye) February 4, 2019

We included a microphone in the Nest Guard with features such as the Google Assistant in mind.

It has not been used up to this point, and you can enable or disable it at any time using the Nest app. — Nest (@nest) February 4, 2019

When announcing that a software update will make Google Assistant available on Nest Guard, Google added, “The Google Assistant on Nest Guard is an opt-in feature, and as the feature becomes available to our users, they’ll receive an email with instructions on how to enable the feature and turn on the microphone in the Nest app. Nest Guard does have one on-device microphone that is not enabled by default.”

Nest Secure owners have been able to use Google Assistant and voice commands, but it previously required a separate Google Assistant device to hear your commands. I suppose it depends upon your outlook on if you are happy or creeped out that your security system secretly had an undocumented microphone capable of doing the listening all along.

Google didn’t really focus on the “surprise there was a microphone hidden in the Nest Guard brain of your Nest Secure” angle, preferring a take on how Google Assistant and Nest Guard can help you out. The announcement concluded with: “We’ve built Nest Secure around you and the way you live, so you won’t be able to disarm the system using your voice. With the Google Assistant built in, your security system is now even more helpful.”

More cybersecurity news

Kid’s creepy smartwatch recalled as hackers can locate and talk to kids

While we are on the topic of potentially creepy IoT devices, it would be remiss not to mention the European Commission’s recall of the Enox Safe-Kid-One smartwatch, which poses a “serious” risk to kids since attackers could locate or even communicate with kids wearing the high-tech watch. The watch has GPS, a microphone, a speaker, and an accompanying app. The recall is believed to be the first ever recall based on a product not protecting user data.

Not only did the European Commission determine that Safe-Kid-One “does not comply with the Radio Equipment Directive,” but “the mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed.”

The Commission added, “A malicious user can send commands to any watch, making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS.”

Safer Internet Day

To celebrate Safer Internet Day, Google suggested using its “new Password Checkup Chrome extension.” In this first version of Password Checkup, which was developed “so that no one, including Google, can learn your account details,” Google explained, “If we detect that a username and password on a site you use is one of over 4 billion credentials that we know have been compromised, the extension will trigger an automatic warning and suggest that you change your password.”

In another Safer Internet Day post, Google mentioned a new survey (pdf) that found that 69 percent of the 3,000 Americans polled would give themselves an A or B grade when it comes to protecting their online accounts, yet 52 percent admitted to still reusing passwords. Despite only 32 percent of those surveyed being capable of correctly defining phishing, password manager, and two-step verification, 59 percent believe their online accounts are safer from threats than the average person's. Thirty-three percent still don’t regularly update their software or even know if they update their apps.

Clearly, there’s still a great deal of room for improvement on how to stay safe online.