One of the biggest problems with all this technology is that the emphasis is on ease of use over security, said Rebecca Herold, CEO of the the consulting firm Privacy Professor.
“In this case, relaying only the word ‘Alexa’ can get the digital assistant to start communicating and acting,” Herold said. “It’s the security equivalent of using a computer password that’s 1-2-3.”
Considering these devices listen on a continuous loop, “I would have grave concerns about using one in my own home as a privacy researcher,” King added.
Amazon introduced its Echo product in November 2014, an oddity at the time that also featured the company’s Alexa virtual assistant. Since then, connected speakers have become one of the fastest-growing technical innovations in the tech industry. Despite questions about digital privacy issues that come with putting internet-connected microphones around their homes, 44 percent of adults in the U.S. said they planned to purchase a smart speaker, according to the Consumer Technology Association.
In the growing battle for that consumer base, Google and Apple have released their own counterparts, and Facebook reportedly is developing its own version.
All of these companies started out on the Internet, which has traditionally had a culture of launching products before they’re entirely ready and debugging in real time, King said.
The upside of these devices is that they offer a simple user interface and unique capabilities, such as regulating temperatures in different rooms, turning on lights, sending emails, ordering pizzas and much more.
Those features, however, can overshadow the security issues inherent in providing access to a home network.
Herold points to the backlash in 2015 when parents discovered that Hello Barbie, an interactive toy that recorded children and sent the data over the internet, was vulnerable to hackers who could access that information.
More Americans are becoming wary of technology and concerned about cybersecurity — especially in the wake of the Portland incident and other high-profile data security issues such as Facebook’s Cambridge Analytica scandal.
Amazon didn’t provide the most reassuring explanation either.
“Echo woke up due to a word in background conversation sounding like ‘Alexa.’ Then, the subsequent conversation was heard as a ‘send message’ request. At which point, Alexa said out loud, ‘To whom?’ ” a rep for the online giant said in a statement to the tech site Ars Technica.
“The background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, ‘[contact name], right?’ Alexa then interpreted background conversation as ‘right.’ As unlikely as this string of events is, we are evaluating options to make this case even less likely.”
Experts say that these virtual assistants must do a better job at partitioning different types of information with different layers of security to prevent private information from being so easily shared. Not that the concerns are slowing down the rapid growth of the technology: One homebuilder is working on integrating Amazon’s Alexa through entire houses; Toyota is adding Alexa to its cars; and Amazon announced that there will be Alexa for workplaces.
“I advise my friends that have them, if you don’t think you are going to need it at the moment, unplug the devices,” Herold said. “That might defeat some of the ease of use, but, seriously, what takes longer: 20 seconds to plug your device back in or weeks of trying to undo a mistake that occurred by something that was misinterpreted by a smart device that didn’t turn out to be so smart?”