HeadlinesBriefing.com

AI Home Security Risks Exposed

DEV Community

Ring employees accessed thousands of customer videos from bedrooms and bathrooms, a scandal that exposed how routine privacy violations have become within the smart home industry. This wasn't a sophisticated cyberattack, but rather internal surveillance enabled by lax controls. The FTC fined Amazon's Ring £5.6 million, revealing that until 2017, any employee could freely view and download customer footage without oversight. This incident highlights the broader crisis of trust facing AI-powered consumer devices.

Cyberattacks on smart home devices surged 124% in 2024, with IoT malware incidents jumping nearly 400% in recent years. Beyond external threats, manufacturers themselves often compromise user privacy. Ecovacs vacuums were caught surreptitiously recording audio and photos to train AI models, while iRobot's leaked Roomba images exposed sensitive home scenes. Smart speakers store recordings indefinitely by default, and facial recognition software frequently misidentifies people of color, leading to FTC fines against companies like IntelliVision.

Current regulations like the UK's PSTI and the EU's Radio Equipment Directive ban default passwords and require security updates, but compliance remains inconsistent. The US Cyber Trust Mark offers a voluntary labeling program for secure devices, yet consumer awareness remains low. Most users feel powerless: 75% believe they should do more to protect themselves, but they lack the technical knowledge to evaluate risks effectively against sophisticated manufacturers.

Consumers can take immediate steps: enable multi-factor authentication on every device, change default passwords using a password manager, and segment IoT devices onto a separate guest network to isolate potential breaches. Research products thoroughly before buying, checking for past FTC enforcement actions. Ultimately, while individual vigilance helps, systemic change requires manufacturers to prioritize security-by-design over rapid feature deployment and data collection.