The past few years have been huge for voice-activated command services. It seems like every major tech manufacturer has one on the market.
But how secure are your communications? Are your commands really kept between you and the device? Where is all of this information stored?
Answering these questions is critical when determining whether or not you want to use these personal assistants on a daily basis.
They’re also important when it comes time to access, manage or delete your command history.
Contrary to popular belief, most of these devices aren’t “always on.” Instead, they only begin recording after the activation command, or “wake word,” has been issued.
In the case of Alexa and the Echo device, the command is “Alexa.” For Google Assistant, the phrase is “OK Google.” Some devices let you choose from several different wake words. Alexa users, for example, can choose between the default word of “Alexa” and one of two other options: “Amazon” or “Echo.”
So recording doesn’t begin until you’ve spoken the magic phrase. That might even be enough to put your mind at ease. But it’s important to note that these devices also store your voice commands in the cloud. As such, they’re prime targets for hackers.
Like most new technology, these voice-activated command services are prone to cyber attacks.
The Amazon Echo device has already been hacked. Mark Barnes, a British security expert, recently demonstrated how malware can turn the consumer product into a live audio surveillance stream. You can find his research on his official blog.
Mark’s hack has a significant flaw — it requires access to the device and involves physical modification of the targeted hardware. Nonetheless, his proof-of-concept is enough to worry many consumers around the globe.
Another hack — one which uses a Bluetooth exploit — was identified in late 2017.
Known as BlueBorne, this attack doesn’t involve physical access to any device. It doesn’t even require the end-user to click on any links or open any files.
As such, BlueBorne has the potential to cause widespread havoc among current users of devices like the Amazon Echo and Google Home.
BlueBorne only gets worse from there. The exploit also has the potential to take control of a remote device and infect every other device on the same network.
As if that wasn’t enough, most modern malware or antivirus programs wouldn’t even detect the attack.
Thankfully, the majority of these devices have already received firmware updates to patch the hole. According to recent estimates, there are still approximately 20 million devices — primarily Amazon Echo and Google Home products — that are susceptible.
Most devices let you easily manage your files. Amazon Echo allows you to delete individual recordings by navigating into your device settings and your history folder.
From there, just tap on a single item and hit “Delete voice recordings” to finalize the action. To delete everything, sign into your Amazon Echo account at Amazon’s official website and navigate to “Manage Voice Recordings.”
Although Apple recently disclosed that Siri stores data for up to 18 months, you can turn off voice dictation and Siri’s assistance to prevent voice recording and archival.
Google Home users can delete past recordings by navigating to the “My Activity” section of their Google account. Just like Amazon Echo, Google Home lets you remove individual or entire groups of files.
While devices like Amazon Echo and Google Home represent huge leaps forward in smart home technology, they’re not without their faults.
To use these products safely and securely, make sure you update them with the latest patches and enhancements.
Deleting your past messages is a good practice to minimize the damage if a hack does occur, but this can also hamper the personalization of your device.
Ultimately, it comes down to balancing your security and privacy with the amount of functionality you need.
Image by Piotr Cichosz
Create your free account to unlock your custom reading experience.