Smart Home, IoT & Domestic Surveillance
Smart home devices are convenient. They are also a network of microphones, cameras, and sensors that report your activity to manufacturers, third parties, and anyone with access to the account.
The House That Watched Her Leave
Prerna had been planning to leave for weeks. She had been careful: no calls from home, money withdrawn in cash, a bag packed and hidden.
The morning she left, her partner knew within minutes. He called from two streets away.
A support worker later helped her audit the house. The thermostat was logging her occupancy patterns. The doorbell camera had motion alerts sent to a shared account she had forgotten about. The smart speaker's activity history showed every voice query she had made.
He had not installed anything. He had simply kept access to devices they had set up together.
The smart home had been built by both of them. It had become a surveillance tool for one of them.
What Is Actually Happening
68%
of domestic abuse survivors report that their abuser used smart home or IoT devices to monitor or control them.
Shared account access to home devices is the most common vector, no specialist software required.
Source: Safety Net / NNEDV Tech Safety Survey, 2024Always-On Microphones Log Activity
Smart speakers maintain voice activity logs accessible to anyone with account access. Amazon, Google, and Apple have all confirmed that human reviewers listen to a sample of recordings. Shared accounts mean shared visibility into every interaction.
Most Commonly Exploited Home Device
Baby monitors are among the least secured devices in the home. Default credentials are frequently unchanged. Several documented cases involve monitors accessed remotely by strangers, with audio transmitted without the family's knowledge.
Five Smart Home Risks
Smart Speakers and Always-On Listening
Wake-word detection means the microphone monitors continuously before activation. Voice activity logs are stored and accessible to anyone with account access. Shared household accounts mean a former partner or housemate retains visibility even after they leave.
Smart Locks, Cameras, and Doorbells as Surveillance
Smart locks log every entry and exit. Cameras send motion alerts in real time. These are legitimately useful features that become surveillance tools when account access is shared with someone who should no longer have it. Doorbell camera footage has been used in stalking cases.
Baby Monitors and Remote Access Vulnerabilities
Baby monitors with default credentials and unpatched firmware are accessible to anyone who scans for them. Several documented cases show external parties accessing audio and video feeds in family homes. Factory-set passwords are the primary vulnerability.
Domestic Violence and Smart Home Abuse
Smart home devices are now a documented tool of coercive control. A shared account on a thermostat reveals occupancy patterns. Camera notifications confirm when a person is home. Voice history shows what they searched for. None of this requires specialist spyware, it requires shared account access and a victim who did not know to revoke it.
Securing Home Devices
The three most common IoT security gaps apply across all device categories: default passwords left unchanged, unencrypted data transmission, and third-party data sharing enabled without awareness. All three are fixable.
Try It: Smart Home Security Audit
Work through each device type. Check off security actions as you complete them.
What That Just Showed You
Default credentials are everywhere.
The audit shows the same gap across routers, baby monitors, cameras, and smart locks. Most homes have at least one device running its factory-set admin password. These credentials are publicly listed online and trivial to try.
Shared accounts are the domestic surveillance vector.
No technical attack is required. Shared household accounts on a doorbell camera, thermostat, or smart speaker provide real-time monitoring to anyone who still has access. This is the most common IoT safety issue in domestic abuse cases.
Most of the checks take under two minutes.
Changing a default password, checking for a firmware update, or reviewing who has account access are not complex tasks. The gap is not capability — it is awareness that the risk exists in the first place.
Three Things Worth Doing
1. Audit shared account access on every smart device after a separation. Smart locks, cameras, speakers, and thermostats all have user management settings. Remove any account that should no longer have access. This is the most common oversight in domestic safety planning.
2. Change default credentials on every IoT device the day you set it up. Baby monitors, cameras, and routers all ship with default admin passwords that are publicly listed. Changing them takes two minutes.
3. Put IoT devices on a separate network. Most routers support a guest network. Connecting smart home devices to a separate network from your phones and computers limits what a compromised device can access.
One Question Before You Continue
Prerna's partner used smart home devices to track her. He had not installed any specialist stalkerware. How was this possible?