With the growing number of connected devices in the world, especially voice-activated devices that listen constantly, Sen. Mark Warner, D-Va., is worried about the security of our conversations.
"The challenge has been so far is the devices makers on the higher end are happy to help, but if somebody is selling a cheap appliance or a cheap sensor and it costs $10 or $15, they don't want to spend the extra $0.15 or $1 to put in basic security," Warner said to CNBC.
"I think the cost that would come back in when you realize all these potential devices that are basically hackable, expanding the surface of vulnerability is going to be 100X to go back and retrofit."
Warner spoke about about hacking concerns in light of Russian meddling during the last U.S. election at the South by Southwest Festival in Austin, Texas, on Sunday. Last year, Warner led a congressional push to regulate online political ads after Russian operatives bought ads on Facebook, Twitter and Google in an effort to influence the 2016 presidential election.
Gartner estimated there will be 11.2 billion connected devices across the world by the end of this year, with consumer-focused products making up the majority of that figure. The number is expected to grow to 20.4 billion by 2020. About 39 million Americans own a smart speaker such as the Amazon Echo or Google Home, according to a recent study from NPR and Edison.
While the larger smart device manufacturers like Amazon, Apple and Google are "further along" at providing security, Warner is concerned about cheaper manufacturers who may not provide these safeguards in order to cut costs.
"When you get up to personal assistants I think there are some securities in there, but when you get into sensors, there's all kinds of low-end devices that are made remarkably cheap that are going to be connected," Warner said.
The minimum United States government should do is purchase IoT (internet of things) devices with minimum safeguards, which is what his bipartisan legislation with Sen. Corey Gartner, R.-Co., would require Warner said.
"Any IoT device that we purchase with public dollars has to be patchable, can't have an embedded password, ought to have some ability of known vulnerabilities so that at least we guarantee that the billions of devices the government will buy over the next few years don't come fraught with peril," Warner said.