In early 2019, Amazon had shipped over 100 million Echo devices and became the leading company in smart speakers. The “Smart Audio Report” by NPR and Edison Research stated that by the end of 2019, over 60 million American consumers, aged above 18 years, owned at least one smart speaker.
Also, the Statista Global Consumer Survey—conducted in the third quarter of 2020—shows that Amazon’s Echo was the most popular voice-activated speaker in the market with a share of 20.8%, while other smart speakers, including Google Nest and Apple’s HomePod, were other major players.
Along with smart speakers, virtual assistants such as Alexa have also gained popularity during the past few years. More and more people have grown comfortable with the idea of installing a listening device in their homes. As per Amazon’s latest announcement, Alexa controls over 100,000 smart home devices.
All in all, smart speakers and virtual assistants have come a long way since their launch. Moreover, by 2025, it has been estimated that the global smart speaker market could be valued at over $35.5 billion.
Though smart speakers and virtual assistants’ popularity is still rising, cybersecurity professionals continue to take the thought of security with a pinch of salt. Owing to sheer curiosity and the enticing opportunity of owning a futuristic device, people tend to overlook privacy concerns.
So, is there any possibility of security threats? Do the privacy concerns and security outweigh the benefits of owning a smart speaker? This blog elucidates the advantages as well as security risks of owning a smart speaker in 2021.
Whether it is Amazon’s Echo or Google’s Nest, these smart speakers have made our lives better than ever. Not only do they enhance the appeal of a house, but they also aid in the smart home movement. Smart speakers make day-to-day activities easier and increase the efficiency of performing tasks. While the advantages could differ from one case to another, smart speakers have been an enticing option for all, especially the millennials. Here’s a list of advantages that smart speakers have to offer:
Everyday tasks are usually boring, and smart speakers can make such tasks more convenient, like asking any question, making a call, saving a reminder, or scheduling an appointment. Also, smart speakers can control the lights in a room, thermostat temperature, and so much more. A few voice commands let one do multiple tasks in no time in a smart home.
These voices in a box device are a blessing in disguise for the differently-abled people, who can independently use voice commands to control their environment. For instance, a person who has paralysis can give a voice command to turn on the lights in a room via the smart speakers.
Smart speakers can act as security tools by identifying the sounds of forced entry of burglars or intruders into a home. Many emergency management organizations use smart speakers for mass notification systems as they can sense an impending emergency through sound and send notifications to all connected devices at a go. Moreover, many security vendors opt for smart speaker integration as instantaneous connectivity makes the devices more accessible.
Setting reminders with the help of a smart speaker is one of the many benefits that can potentially help save time and energy. Such smart speaker-set reminders can help boost the employees’ confidence and improve their productivity in a working environment.
Smart speakers are built on Artificial Intelligence (AI); so, if an office-goer uses a smart speaker, it can easily record the user’s daily habits and organize a day’s schedule accordingly. Thereby, saving the person valuable time. Also, smart speakers can go a long way in promoting sustainability and energy saving as it allows people to use only what is needed. Thus, reducing electricity consumption and its related costs.
Just as the internet, Bluetooth headsets, and smartwatches have become part and parcel of our lives, smart speakers are on the way to becoming a necessity too. Owing to the range of benefits they have to offer, the smart speaker market will boom in the coming days. However, nothing is perfect, and here comes the major issue with smart speakers—their security flaws.
Under certain conditions, smart speakers can be hacked because of the two major concerns:
So, let us explore the type of risks that one might have to take while using a smart speaker.
The two major leading smart speaker manufacturers are also two of the biggest data-centric companies—Amazon and Google. They continue to face an increasing number of data breaches and cybercrime in recent days. Since the COVID-19 pandemic outbreak, remote work policies have increased; thus, increasing the number of data breaches.
According to a report formulated by IBM and the Ponemon Institute—constituting the feedback from 3200 IT and security professionals—the global average cost of a data breach has touched a whopping $3.86 million per breach in the year 2020.
The ability of smart speakers to gather large amounts of information instantaneously makes it a potential security threat. Not to mention that bugs in software updates can easily transform smart speakers into surveillance devices.
Anyone can command smart speakers to make them do anything. This disastrous feature is vulnerable to loud neighbors and children having no idea about what they are doing. The following are some instances:
Wifi is the new breeding ground for hackers. When using voice assistants or any IoT-based devices, one must ensure that the Wi-Fi connection is encrypted. It is advisable to use WPA2 encryption and strong passwords for this purpose. Also, regular updating of your Wi-Fi driver will reduce the probability of vulnerabilities.
The recent KRACK (Key Reinstallation AttaCKs) attack is one such example that proves how Wi-Fi networks can allow attackers to exploit or inject or modify any data, resulting in manipulated web pages or introducing malware into devices.
Another thing to keep in mind is not sharing passwords with visitors who might temporarily use Wi-Fi. That is why setting up a guest network will be a much safer option.
According to an ISTR Special Report by Symantec, an insecure Wi-Fi connection and a Google Home device can be a deadly combination because API calls can be made to interact with Google Home devices through Chromecast, an advanced built-in technology that allows users to stream their favorite entertainment and apps from a mobile phone, or laptop to their televisions or speakers. Here are a few instances of API calls that can be made.
The following shows the Method (POST, GET, and POST GET) and its URL and Description:
POST:
GET:
POST GET:
Similarly, simple requests can disclose the names of all configured Wi-Fi networks from a single Google Home device, for instance:
Furthermore, there are also commands that can reboot the device:
Smart speakers are gaining more popularity day by day. It has already become one of the most important everyday objects. Most importantly, it is an artificially intelligent device and might be a precursor to the era where humans would be living with robots. The perils associated with smart speakers cannot be ignored. However, privacy remains the biggest concern. Smart speakers can become permanent unauthorized eavesdroppers in households if one is not aware of the potential risks.