Could your smart speaker be a security threat?

Smart speakers have become very popular, with millions already having been sold in the UK. Google Home, Amazon Echo Dot and other voice-controlled technology now take pride of place in many family homes – and even offices – with the novelty and convenience of their versatile functions making them highly desirable devices.

They can be everything from the DJ in the corner – fulfilling your every musical request – to your personal shopper, weather forecaster and virtual PA. Some voice-activated speakers also have cameras that can be operated remotely, acting as a basic home surveillance device – or even a way to check in on pets while you’re at work!

So, who wouldn’t want one for their house or the office?

The features on offer can admittedly be very exciting, but there are a number of potential cyber-security risks that need to be considered.

Privacy problems

Your privacy and online security could be on the line if you are not careful with your smart speaker. A myriad of issues is still unfolding – and has been documented in the media – but many buyers remain unconcerned.

The sheer variety of uses for a smart speaker means that a cyber-criminal – or even someone you know who is just being mischievous – could cause all sorts of problems, should they get access. On the less serious end of the scale, this could potentially enable a joker to set you a wake-up alarm for 2am by calling to your speaker through your window or letterbox.

Of course, this would be a minor inconvenience compared with more damaging interventions. For instance, some smart speakers can be used to make phone calls, send emails, manage calendars or even be linked up with devices like intercoms – possibly opening the door to more sinister privacy problems if the technology is interfered with.

There is also the consideration that they are always listening. Nothing is saved until the wake-up word is said – for example, “Alexa” or “OK, Google” – which then triggers the audio to be recorded, encrypted and sent to a server. And all devices do provide an option to delete old logged requests.

However, there have been much-publicised glitches with some smart speakers, involving recordings being activated when the code word has not been said or by something that sounds similar to the wake-up term. This has inevitably led to users questioning whether the devices are actually hanging off – and storing – every word.

The threat of tampering

Who can access your smart speaker when you are out? Do you have workers unsupervised? Cleaners? Children?

Just as with most devices – from smartphones and tablets to laptops and desktop computers – someone could potentially modify the speaker or its settings to their benefit. Standard advice to secure your WiFi network and protect any technology with a strong password and a two-factor authentication is essential here.

And it may sound obvious, but syncing security functions to your speaker is a bad idea. Consider what could go wrong if the device fell into the wrong hands – or earshot – and think before you link!

The power to purchase

Another key issue is that someone could use your speaker to buy something without you realising. There have been cases of children asking a smart device for toys without their parents’ knowledge – and even one instance of a parrot placing an order! One way to prevent this is to set a PIN code for purchases – if the option is there – and to only use it when there are no eavesdroppers around.

Voice recognition technology is still developing and is likely to eliminate some of these problems in the future. But as things stand, other people talking to your device is a very real possibility that should be protected against.

Set up your smart speaker properly

For the reasons above, it’s crucial to configure your speaker properly when you first get it out of the box – though this won’t eradicate all possible problems and you will still need to be vigilant. Think about what accounts you connect, erase any sensitive recordings, consider muting your voice assistant when you are not using it and disable any services you don’t require.

Alongside setting up a purchase PIN or password, it’s also a good idea to pay close attention to the logged requests and any notification emails about things that your speaker has ordered – just in case your parrot goes on a spending spree!

If you want to find out more about device security or protecting your business against other potential cyber threats, contact us!

Send us a message

    Talk to us

    Lancaster: 01524 581690 (Head Office)

    Preston: 01772 395693

    Technical IT Support illustration at Q2Q HQ Lancaster, Lancashire and the North West