The
past few years have been huge for voice-activated command services. It
seems like every major tech manufacturer has one on the market.
Whether
you’re using Amazon Alexa, Google Assistant, Apple’s Siri or Microsoft
Cortana, it’s hard to ignore the hands-free revolution.
But
how secure are your communications? Are your commands really kept
between you and the device? Where is all of this information stored?
Answering
these questions is critical when determining whether or not you want to
use these personal assistants on a daily basis.
They’re also important when it comes time to access, manage or delete your command history.
Always On?
Contrary
to popular belief, most of these devices aren’t “always on.” Instead,
they only begin recording after the activation command, or “wake word,”
has been issued.
In the case of
Alexa and the Echo device, the command is “Alexa.” For
Google Assistant,
the phrase is “OK Google.” Some devices let you choose from several
different wake words. Alexa users, for example, can choose between the
default word of “Alexa” and one of two other options: “Amazon” or
“Echo.”
So
recording doesn’t begin until you’ve spoken the magic phrase. That
might even be enough to put your mind at ease. But it’s important to
note that these devices also store your voice commands in the cloud. As
such, they’re prime targets for hackers.
Turning the Personal Assistant Into a Personal Wiretap
The
Amazon Echo device has already been hacked. Mark Barnes, a British
security expert, recently demonstrated how malware can turn the consumer
product into a live audio surveillance stream. You can find his
research on
his official blog.
Mark’s
hack has a significant flaw — it requires access to the device and
involves physical modification of the targeted hardware. Nonetheless,
his proof-of-concept is enough to worry many consumers around the globe.
The Dawn of BlueBorne
Another hack — one which uses a Bluetooth exploit — was identified in late 2017.
Known as
BlueBorne,
this attack doesn’t involve physical access to any device. It doesn’t
even require the end-user to click on any links or open any files.
As
such, BlueBorne has the potential to cause widespread havoc among
current users of devices like the Amazon Echo and Google Home.
BlueBorne
only gets worse from there. The exploit also has the potential to take
control of a remote device and infect every other device on the same
network.
As if that wasn’t enough, most modern malware or antivirus programs wouldn’t even detect the attack.
Thankfully,
the majority of these devices have already received firmware updates to
patch the hole. According to recent estimates, there are still
approximately 20 million devices — primarily Amazon Echo and Google Home
products — that are susceptible.
Controlling and Managing Your Files
Most devices let you easily manage your files. Amazon Echo allows you to
delete individual recordings by navigating into your device settings and your history folder.
From
there, just tap on a single item and hit “Delete voice recordings” to
finalize the action. To delete everything, sign into your Amazon Echo
account at Amazon’s official website and navigate to “Manage Voice
Recordings.”
Using Voice Command Services Safely and Securely
While
devices like Amazon Echo and Google Home represent huge leaps forward
in smart home technology, they’re not without their faults.
To use these products safely and securely, make sure you update them with the latest patches and enhancements.
Deleting
your past messages is a good practice to minimize the damage if a hack
does occur, but this can also hamper the personalization of your device.
Ultimately, it comes down to balancing your security and privacy with the amount of functionality you need.
