Hackernoon logoSmart Speakers: A Blessing Or A Curse? by@srivaibhav

Smart Speakers: A Blessing Or A Curse?

By 2025, it has been estimated that the global smart speaker market could be valued at over $35.5 billion. Amazon’s Echo was the most popular voice-activated speaker in the market with a share of 20.8%. Smart speakers make day-to-day activities easier and increase the efficiency of performing tasks. The advantages could differ from one case to another, smart speakers have been an enticing option for all, especially the millennials. But cybersecurity professionals continue to take the thought of security with a pinch of salt.
image
Srivaibhav S Hacker Noon profile picture

@srivaibhavSrivaibhav S

I'm a researcher, writer, and editor. I'm into technology and non-technology topics. Also, I love food.

In early 2019, Amazon had shipped over 100 million Echo devices and became the leading company in smart speakers. The “Smart Audio Report” by NPR and Edison Research stated that by the end of 2019, over 60 million American consumers, aged above 18 years, owned at least one smart speaker. 

Also, the Statista Global Consumer Survey—conducted in the third quarter of 2020—shows that Amazon’s Echo was the most popular voice-activated speaker in the market with a share of 20.8%, while other smart speakers, including Google Nest and Apple’s HomePod, were other major players. 

Along with smart speakers, virtual assistants such as Alexa have also gained popularity during the past few years. More and more people have grown comfortable with the idea of installing a listening device in their homes. As per Amazon’s latest announcement, Alexa controls over 100,000 smart home devices. 

All in all, smart speakers and virtual assistants have come a long way since their launch. Moreover, by 2025, it has been estimated that the global smart speaker market could be valued at over $35.5 billion. 

Though smart speakers and virtual assistants’ popularity is still rising, cybersecurity professionals continue to take the thought of security with a pinch of salt. Owing to sheer curiosity and the enticing opportunity of owning a futuristic device, people tend to overlook privacy concerns. 

So, is there any possibility of security threats? Do the privacy concerns and security outweigh the benefits of owning a smart speaker? This blog elucidates the advantages as well as security risks of owning a smart speaker in 2021.

How Smart Speakers Make Lives Better?

Whether it is Amazon’s Echo or Google’s Nest, these smart speakers have made our lives better than ever. Not only do they enhance the appeal of a house, but they also aid in the smart home movement. Smart speakers make day-to-day activities easier and increase the efficiency of performing tasks. While the advantages could differ from one case to another, smart speakers have been an enticing option for all, especially the millennials. Here’s a list of advantages that smart speakers have to offer:

Better Convenience and Organization

Everyday tasks are usually boring, and smart speakers can make such tasks more convenient, like asking any question, making a call, saving a reminder, or scheduling an appointment. Also, smart speakers can control the lights in a room, thermostat temperature, and so much more. A few voice commands let one do multiple tasks in no time in a smart home. 

These voices in a box device are a blessing in disguise for the differently-abled people, who can independently use voice commands to control their environment. For instance, a person who has paralysis can give a voice command to turn on the lights in a room via the smart speakers. 

Emergency Management

Smart speakers can act as security tools by identifying the sounds of forced entry of burglars or intruders into a home. Many emergency management organizations use smart speakers for mass notification systems as they can sense an impending emergency through sound and send notifications to all connected devices at a go. Moreover, many security vendors opt for smart speaker integration as instantaneous connectivity makes the devices more accessible.

Time and Energy Saving

Setting reminders with the help of a smart speaker is one of the many benefits that can potentially help save time and energy. Such smart speaker-set reminders can help boost the employees’ confidence and improve their productivity in a working environment. 

Smart speakers are built on Artificial Intelligence (AI); so, if an office-goer uses a smart speaker, it can easily record the user’s daily habits and organize a day’s schedule accordingly. Thereby, saving the person valuable time. Also, smart speakers can go a long way in promoting sustainability and energy saving as it allows people to use only what is needed. Thus, reducing electricity consumption and its related costs.

Are Smart Speakers Dangerous?

Just as the internet, Bluetooth headsets, and smartwatches have become part and parcel of our lives, smart speakers are on the way to becoming a necessity too. Owing to the range of benefits they have to offer, the smart speaker market will boom in the coming days. However, nothing is perfect, and here comes the major issue with smart speakers—their security flaws.

Under certain conditions, smart speakers can be hacked because of the two major concerns: 

  • Smart speakers always listen to their surrounding environment. 
  • Smart speakers can become potential hubs of vulnerability due to their ability to connect to multiple devices at once. 

So, let us explore the type of risks that one might have to take while using a smart speaker.

Privacy Issues

The two major leading smart speaker manufacturers are also two of the biggest data-centric companies—Amazon and Google. They continue to face an increasing number of data breaches and cybercrime in recent days. Since the COVID-19 pandemic outbreak, remote work policies have increased; thus, increasing the number of data breaches. 

According to a report formulated by IBM and the Ponemon Institute—constituting the feedback from 3200 IT and security professionals—the global average cost of a data breach has touched a whopping $3.86 million per breach in the year 2020.

The ability of smart speakers to gather large amounts of information instantaneously makes it a potential security threat. Not to mention that bugs in software updates can easily transform smart speakers into surveillance devices.

Children or Neighbor Proximity

Anyone can command smart speakers to make them do anything. This disastrous feature is vulnerable to loud neighbors and children having no idea about what they are doing. The following are some instances:

  • Neighbor: While sipping on a beer, the neighbor shouts to his wife to order some pizza. However, the smart speaker, hearing his voice, assumes you (the Lactose intolerant resident) placed the request. And, 20 minutes later, you hear a knock at the door with 5-boxes of cheese pizza. Bombs away!
  • Children:  A child looks at a toy on Amazon and shouts, “Alexa, order me 50 Barbie dolls.” This might result in unwanted purchases and reckless shopping habits among children who shop without their parents’ knowledge. 
  • Pets: For instance, in September 2017, a parrot named Buddy mimicked its owner and ended up ordering gifts on Amazon even though it was a bunch of gibberish commands.
  • Hackers: For people living in an apartment with mischievous neighbors (amateur or professional hackers) holding the knowledge of your recently purchased smart speaker, they can send commands in ultrasonic frequencies. Also, according to research, it has been found that it is possible to send inaudible voice commands at frequencies inaccessible by humans. Not to mention that hackers can control devices silently through electromagnetic waves too and trigger commands instantaneously.

Wi-Fi and Smart Speakers

Wifi is the new breeding ground for hackers. When using voice assistants or any IoT-based devices, one must ensure that the Wi-Fi connection is encrypted. It is advisable to use WPA2 encryption and strong passwords for this purpose. Also, regular updating of your Wi-Fi driver will reduce the probability of vulnerabilities. 

The recent KRACK (Key Reinstallation AttaCKs) attack is one such example that proves how Wi-Fi networks can allow attackers to exploit or inject or modify any data, resulting in manipulated web pages or introducing malware into devices. 

Another thing to keep in mind is not sharing passwords with visitors who might temporarily use Wi-Fi. That is why setting up a guest network will be a much safer option.

According to an ISTR Special Report by Symantec, an insecure Wi-Fi connection and a Google Home device can be a deadly combination because API calls can be made to interact with Google Home devices through Chromecast, an advanced built-in technology that allows users to stream their favorite entertainment and apps from a mobile phone, or laptop to their televisions or speakers. Here are a few instances of API calls that can be made.

The following shows the Method (POST, GET, and POST GET) and its URL and Description:

Post:

  • URL 1: /setup/set_eureka_info
  • Description1: Modify various settings, such as the device name, family mode, etc.
  • URL 2: /setup/forget_wifi
  • Description 2: Delete specific Wi-Fi settings resulting in the device going offline
  • URL 3: /setup/assistant/alarms/volume
  • Description 3: Increase/decrease/mute the alarm volume
  • URL 4: /setup/reboot
  • Description 4: Reboot or factory-reset the device
  • URL 5: /setup/assistant/notifications
  • Description 5: Enable the ‘Do Not Disturb’ mode

GET:

  • URL 1: /ssdp/device-desc.xml
  • Description 1: Reveal the name of personal device
  • URL 2: /setup/eureka_info?options=detail&params=version,name,build_info,device_info,net,wifi,setup,settings,opt_in,opencast,multizone,audio,detail
  • Description 3: Discloses important details, such as device name, proxy settings, Wi-Fi name, and location
  • URL 3: /setup/configured_networks
  • Description 3: Disclose any saved name of Wi-Fi network

POST GET:

  • URL 1: /setup/scan_wifi; /setup/scan_results
  • Description 1: Disclose nearby Wi-Fi network names
  • URL 2: /setup/bluetooth/discovery; /setup/bluetooth/get_bonded
  • Description 2: Enable Bluetooth discovery

Similarly, simple requests can disclose the names of all configured Wi-Fi networks from a single Google Home device, for instance:

  • Request: http://192.168.0.XX:8008/setup/configured_networks
  • Response: [{“ssid”:”NotForFreeloadingWIFI”,”wpa_auth”:1,”wpa_cipher”:1,”wpa_id”:0},{“ssid”:”YouCantUseMyWifi”,”wpa_ auth”:7,”wpa_cipher”:4,”wpa_id”:1}]

Furthermore, there are also commands that can reboot the device:

  • curl -H ‘Origin:https://www.google.com’ -H ‘User-Agent:com.google.android.apps.chromecast.app/1.24.37.7 (Linux; U; Android 6.0.1; SM-J510FN Build/MMB29M)’ -H ‘Content-Type:application/json’ -H ‘ContentLength:16’ -H ‘Host:192.168.0.XX:8008’ -H ‘Connection:Keep-Alive’ -H ‘Accept-Encoding:gzip’ -X POST ‘http://192.168.0.XX:8008/setup/reboot’ --data-binary ‘{“params”:”now”}’

In a Nutshell

Smart speakers are gaining more popularity day by day. It has already become one of the most important everyday objects. Most importantly, it is an artificially intelligent device and might be a precursor to the era where humans would be living with robots. The perils associated with smart speakers cannot be ignored. However, privacy remains the biggest concern. Smart speakers can become permanent unauthorized eavesdroppers in households if one is not aware of the potential risks.

Srivaibhav S Hacker Noon profile picture
by Srivaibhav S @srivaibhav. I'm a researcher, writer, and editor. I'm into technology and non-technology topics. Also, I love food.Read my stories

Tags

Join Hacker Noon

Create your free account to unlock your custom reading experience.