Alexa privacy fail highlights risks of smart speakers

One of the biggest problems with all this technology is that the emphasis is on ease of use over security, said Rebecca Herold, CEO of the the consulting firm Privacy Professor.

“In this case, relaying only the word ‘Alexa’ can get the digital assistant to start communicating and acting,” Herold said. “It’s the security equivalent of using a computer password that’s 1-2-3.”

Considering these devices listen on a continuous loop, “I would have grave concerns about using one in my own home as a privacy researcher,” King added.

I still find it hard to believe we put more listening devices into our homes willingly. The phone is bad enough, somewhat hard to avoid. How do we willingly dot our homes with more of them?

— zeynep tufekci (@zeynep) May 24, 2018

Alexa privacy fail highlights risks of smart speakers
Alexa privacy fail highlights risks of smart speakers

Amazon introduced its Echo product in November 2014, an oddity at the time that also featured the company’s Alexa virtual assistant. Since then, connected speakers have become one of the fastest-growing technical innovations in the tech industry. Despite questions about digital privacy issues that come with putting internet-connected microphones around their homes, 44 percent of adults in the U.S. said they planned to purchase a smart speaker, according to the Consumer Technology Association.

In the growing battle for that consumer base, Google and Apple have released their own counterparts, and Facebook reportedly is developing its own version.

Image: Google's Olsson speaks during a launch event in San Francisco
Isabelle Olsson, Google’s Head of Industrial Design for Home, speaks about the Google Home Mini during a launch event in San Francisco on Oct. 4, 2017.Stephen Lam / Reuters file

All of these companies started out on the Internet, which has traditionally had a culture of launching products before they’re entirely ready and debugging in real time, King said.

The upside of these devices is that they offer a simple user interface and unique capabilities, such as regulating temperatures in different rooms, turning on lights, sending emails, ordering pizzas and much more.

Those features, however, can overshadow the security issues inherent in providing access to a home network.

Herold points to the backlash in 2015 when parents discovered that Hello Barbie, an interactive toy that recorded children and sent the data over the internet, was vulnerable to hackers who could access that information.

So I just threw my smart speakers into the garbage

— Katie Benner (@ktbenner) May 24, 2018

More Americans are becoming wary of technology and concerned about cybersecurity — especially in the wake of the Portland incident and other high-profile data security issues such as Facebook’s Cambridge Analytica scandal.

Amazon didn’t provide the most reassuring explanation either.

“Echo woke up due to a word in background conversation sounding like ‘Alexa.’ Then, the subsequent conversation was heard as a ‘send message’ request. At which point, Alexa said out loud, ‘To whom?’ ” a rep for the online giant said in a statement to the tech site Ars Technica.

“The background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, ‘[contact name], right?’ Alexa then interpreted background conversation as ‘right.’ As unlikely as this string of events is, we are evaluating options to make this case even less likely.”

How to make sure your Amazon Alexa isn’t spying on you

— Brian Koerber (@bkurbs) May 25, 2018

Experts say that these virtual assistants must do a better job at partitioning different types of information with different layers of security to prevent private information from being so easily shared. Not that the concerns are slowing down the rapid growth of the technology: One homebuilder is working on integrating Amazon’s Alexa through entire houses; Toyota is adding Alexa to its cars; and Amazon announced that there will be Alexa for workplaces.

“I advise my friends that have them, if you don’t think you are going to need it at the moment, unplug the devices,” Herold said. “That might defeat some of the ease of use, but, seriously, what takes longer: 20 seconds to plug your device back in or weeks of trying to undo a mistake that occurred by something that was misinterpreted by a smart device that didn’t turn out to be so smart?”

Similar Posts