Blog Overview

What They are:

Smart speakers, or virtual assistants, are sophisticated artificial intelligence software. They are currently one of the most popular trends in technologies. The phenomenon started with virtual assistants such as Apple’s Siri and Microsoft’s Cortana. This type of AI technology is becoming increasingly popular, but most consumers are unaware of the cybersecurity risks it may pose.

Earlier this year, NPR and Edison Research published “The Smart Audio Report”, which included information gathered from a study that was conducted using telephone and online surveys of over 1800 Americans over age 18. The study found that as of January 2018, 1 in 6 people in the United States own or have access to a smart speaker or voice activated assistant. It also found that smart speaker ownership has risen 128% since January of 2017 with Amazon’s Echo, Dot, and Alexa based products currently dominating the market followed by Google Home.

Smart speakers were created with convenience in mind. It was meant to make user’s lives as easy as possible by following voice commands and allowing users to do many things, such as place an order on a website, play a song, book an Uber, place a call, or even control lights and central air systems in their homes with ease, but with this convenience comes risk. 

How Smart Speakers Listen:

Smart speakers or virtual assistants, use voice recognition to answer commands. While smart speakers are always listening, they are not continuously recording. They listen for specific commands or “wake words”. The danger with this is that devices can easily be accidentally activated when users have conversations that contain their wake words or words that sound similar to them near the device. Once activated, intentionally or not, smart speakers record and transmit audio. While devices have malfunctioned in the past and recorded more than users intended, companies such as Amazon and Google responded quickly and worked to fix the issues with their respective products.

These devices communicate using an internet connection through a Wi-Fi network. It’s internet-connected microphone records spoken information and sends that information to cloud-based servers owned by their respective companies. Smart speakers track commands, questions, and activities, then store the information in the cloud server where it is used in the device’s algorithms to cater to each individual user’s needs. This means that these companies collect a wealth of personal data from their users, but is this data vulnerable to cybersecurity attacks?

While having personal information stored in a cloud server may make some users uncomfortable, larger companies are taking measures to ensure their users privacy.  Companies that create these types of devices, such as Amazon, Apple, and Google claim that they encrypt all information gathered from their smart speakers.

Possible Security Risks:

Most smart speakers are built for ease of use rather than with security in mind, which may leave users more vulnerable to cybersecurity issues. Many of the vulnerabilities of smart speakers and virtual assistants are currently unknown because of the relatively new technology. As this type of technology becomes more popular it will become increasingly at risk of cyber security attacks.

Currently, what we know is that most security risks of smart speakers are similar to those of smart phones and computers. They are also susceptible to hacking, just as other IoT devices are. The smart speaker itself does not need to be hacked directly, it can be accessed through a network with a vulnerable router. For now, smart speaker owners should assess the risk of using a smart speaker in the same way that they assess the risk of using a computer or smartphone.

How to Decrease Risks:

There are several ways to decrease the risks associated with smart speakers and virtual assistants, but users should keep in mind that many of them also decrease the quality of the product’s performance.

During the initial set up process most smart speakers will ask users to connect the device to certain personal accounts. Many of these accounts may contain protected data such as personal billing information. One way to avoid hackers gaining access to your private information through your smart speaker is to not link these types of accounts with the device, though keep in mind that this will make placing orders significantly less convenient.

A security feature that is available on many smart speakers now is voice recognition, which allows users to use voice match features to authorize specific users. Many of these devices can now recognize individual users, ensuring that only designated users are able to access private information, make commands, or place orders.

Recordings made by smart speaker devices can also be accessed and cleared. Users can routinely clear stored recordings but should note that this may interfere with the device’s algorithms and decrease performance.

Users should also consider turning off or muting speakers when not in use, changing default settings and passwords, using two factor authentication for third-party services connected to the speaker, and securing their home Wi-Fi network by using WPA2 encryption and strong password protection.