Could your smart speaker be a security threat?

Senior Support Analyst

Fav thing about the office

The relaxed, casual, welcoming yet professional environment.

As a child I wanted to be a ... when I grew up

As a child I wanted to be many things, Doctor, Fireman, Police Man etc. I fell into IT when I was unemployed knowing nothing about it, but found I enjoyed it. IT has since been a 24 year, paid, hobby.

Guilty Pleasure(s)

Shutting the door and turning the music up loud when no-one is at home.

Favourite Holiday

The holiday I have not yet had. My upcoming 25th Wedding Anniversary Party in Ibiza.

Describe yourself in three words or less

Unique, Colourful, Professional.

An interesting fact about me

I am a fully qualified Level 2 Football coach and have coached local teams from the ages of 7 - 18.

Likes

Polish Vodka, Mediterranean foods, Sci-Fi series and movies

Favourite Band

I do not have a favourite band but my preferred music type is Hardcore Dance.

Karaoke Jam

If I did Karaoke it would be torture. I would not want to torture anyone, well almost anyone.

If I had a superpower it would be...

A Genie’s abilities (but not constraints), as this would grant me what I would require in any given situation.

What I do at Q2Q:

The best way to describe what I do is: I provide day-to-day support tasks ranging from the basic to the more complex installations of infrastructure systems.

For example, I could be installing Flash player for one customer, before moving on to implement a new server system (splitting one overloaded server into several separate fully functional virtual servers), with server replication and backup. I also liaise with 3rd party companies in the resolution of issues relating to their products, whether printers or bespoke software applications.

Background and Achievements

I have worked in Retail, made Vertical and Venetian blinds, been an Admin Assistant, before finding I had an understanding of I.T. and enjoying the work that came with that understanding. My I.T. career has led me to work in many different I.T. environments, ranging from schools, to small I.T. support firms, to British Aerospace with CPC, and ultimately Q2Q. Each have had their merits, but I feel that Q2Q is the right company for me, and their aspirations equal my own.

Hobbies and Interests

Online PC games, Star Wars The Old Republic, World of Warcraft, War Thunder Land and Air Battles, World of Tanks and World of Warships. Watching movies, mainly Sci-Fi and Japanese Anime. Taking Rio (my dog) for a walk. Listening to music, and enjoying the odd glass of Vodka.

 

Smart speakers have become very popular, with millions already having been sold in the UK. Google Home, Amazon Echo Dot and other voice-controlled technology now take pride of place in many family homes – and even offices – with the novelty and convenience of their versatile functions making them highly desirable devices.

They can be everything from the DJ in the corner – fulfilling your every musical request – to your personal shopper, weather forecaster and virtual PA. Some voice-activated speakers also have cameras that can be operated remotely, acting as a basic home surveillance device – or even a way to check in on pets while you’re at work!

So, who wouldn’t want one for their house or the office?

The features on offer can admittedly be very exciting, but there are a number of potential cyber-security risks that need to be considered.

Privacy problems

Your privacy and online security could be on the line if you are not careful with your smart speaker. A myriad of issues is still unfolding – and has been documented in the media – but many buyers remain unconcerned.

The sheer variety of uses for a smart speaker means that a cyber-criminal – or even someone you know who is just being mischievous – could cause all sorts of problems, should they get access. On the less serious end of the scale, this could potentially enable a joker to set you a wake-up alarm for 2am by calling to your speaker through your window or letterbox.

Of course, this would be a minor inconvenience compared with more damaging interventions. For instance, some smart speakers can be used to make phone calls, send emails, manage calendars or even be linked up with devices like intercoms – possibly opening the door to more sinister privacy problems if the technology is interfered with.

There is also the consideration that they are always listening. Nothing is saved until the wake-up word is said – for example, “Alexa” or “OK, Google” – which then triggers the audio to be recorded, encrypted and sent to a server. And all devices do provide an option to delete old logged requests.

However, there have been much-publicised glitches with some smart speakers, involving recordings being activated when the code word has not been said or by something that sounds similar to the wake-up term. This has inevitably led to users questioning whether the devices are actually hanging off – and storing – every word.

The threat of tampering

Who can access your smart speaker when you are out? Do you have workers unsupervised? Cleaners? Children?

Just as with most devices – from smartphones and tablets to laptops and desktop computers – someone could potentially modify the speaker or its settings to their benefit. Standard advice to secure your WiFi network and protect any technology with a strong password and a two-factor authentication is essential here.

And it may sound obvious, but syncing security functions to your speaker is a bad idea. Consider what could go wrong if the device fell into the wrong hands – or earshot – and think before you link!

The power to purchase

Another key issue is that someone could use your speaker to buy something without you realising. There have been cases of children asking a smart device for toys without their parents’ knowledge – and even one instance of a parrot placing an order! One way to prevent this is to set a PIN code for purchases – if the option is there – and to only use it when there are no eavesdroppers around.

Voice recognition technology is still developing and is likely to eliminate some of these problems in the future. But as things stand, other people talking to your device is a very real possibility that should be protected against.

Set up your smart speaker properly

For the reasons above, it’s crucial to configure your speaker properly when you first get it out of the box – though this won’t eradicate all possible problems and you will still need to be vigilant. Think about what accounts you connect, erase any sensitive recordings, consider muting your voice assistant when you are not using it and disable any services you don’t require.

Alongside setting up a purchase PIN or password, it’s also a good idea to pay close attention to the logged requests and any notification emails about things that your speaker has ordered – just in case your parrot goes on a spending spree!

If you want to find out more about device security or protecting your business against other potential cyber threats, contact us!

 

Could your smart speaker be a security threat?