Scopophobia is a fear of security cameras — the concern that behind their small, beady lenses, someone is watching you. If that concerns you, you aren’t alone; according to surveys, as many as one in three people worry that their smart home might fall victim to malicious hackers. That particular fear has been a subject of discussion since the earliest days of the smart home, and for good reason.
Bad actors have taken advantage of smart home systems in the past. In 2021, South Korea experienced one of the most audacious smart home hacks in history, with more than 700 apartments being digitally breached. In 2023, a Ring camera was hacked and used to make inappropriate comments toward the homeowner.
Incidents like the latter occurred more frequently in the early days of smart home technology. In the intervening years, companies like Google, Ring, and others have made security a central focus for new products. While that hacking scene from 2022’s Scream is technically possible, it’s also unlikely.
But with that in mind, a new potential avenue for risk has emerged in the form of artificial intelligence. Last week, a new report demonstrated how researchers used Google Gemini to take control of connected smart home devices through malicious code hidden in a Google Calendar invite.
The event marked one of the only times (and potentially the first time) that this technique was used in a real-world attack. Dubbed “promptware,” the attack method has raised concerns over the use of artificial intelligence in relation with smart home technology. However, many of those concerns are taken out of context and proportion. Is it a risk? Absolutely. Is it likely to happen to you?
We’ll put it like this: If it does, you should buy a lottery ticket.
What is “promptware?”
This specific hack was performed through a “prompt-injection attack.” The attack hid instructions inside a Google Calendar alert masked as a run-of-the-mill invitation. Its intention was to lie dormant until a user asked Gemini to summarize their schedule for the day, and then trigger based on a common, mundane response like “thanks” or “sure.”
Once activated, the instructions would set off different devices within the home. It was a proof of concept; an actual attack would likely be less visible but could grant access to interior devices like cameras and speakers, or could open a backdoor to access information stored on the devices.
What makes promptware a greater threat is that traditional firewalls, antivirus software, and other tried-and-true methods offer no protection against it. Typically security software isn’t designed to protect against this unique blend of automation and social engineering.
Social engineering itself has become a much larger threat in recent years. For those unfamiliar with the term, social engineering is the use of deception to manipulate someone into revealing private and/or personal information. Have you ever received a friend request on Facebook from an obviously false profile? That’s a common first step. By creating a sense of trust through a familiar face and using the disconnected nature of the internet as a go-between, bad actors can prey on vulnerable targets.
While using Gemini to control your smart home is convenient, you can improve your overall smart home security by restricting what Gemini and other AI agents have access to. The researchers behind the promptware study specifically suggest limiting access to smart home controls and personal calendars.
What are the actual chances of a smart home being hacked?
Here’s the thing: most “hacking” attempts aren’t hacking at all. They’re phishing or another lower-level form of violation. Having your password stolen and used against you isn’t a hack in the true sense of the word, and something like the prompt-injection attack used by researchers requires a lot of effort. The majority of bad actors want to gain access to steal personal information that can be used for identity theft or to make a few credit card purchases. Sometimes that information is gathered and then sold to third parties.
Hacking a smart home takes a lot of effort, especially as device security improves. Taking control of devices to turn lights on and off has more in common with juvenile pranks than it does with a coordinated effort to steal something. And unlocking someone’s front door through a smart device, while a potential way to gain access to a home, is not a threat for the average person.
If you’re wealthy and live in a large house, there could be a higher chance of being targeted for theft — but a lot of break-ins (around 41%) are crimes of opportunity, and most burglars live relatively nearby the homes they break into.
Unless you have wealth on display, most passers-by won’t specifically aim for your home. That means keeping things subtle; no large TV boxes at the curb, no posting about new acquisitions on social media, etc.
If you have a smart home, then you likely have a security system too. Good news on that front: when questioned, roughly 50% of burglars said a security system would deter them from a home.
The truth is that nothing will stop a determined burglar, especially when the easiest method of entry is to kick down a door or break a window. But with most thieves targeting low-hanging fruit, a security system and smart home tech can actually serve as a deterrence. Your smart home is more likely to keep your home safe than it is to make it a threat.
If you want to take steps to protect your smart home, we have numerous guides on how to do exactly that.
