Smart speakers with virtual assistants like the Amazon Echo and the Google Home have opened our eyes (and ears) to what an always-on, always-listening appliance can do.
They answer your questions, control your smart home, play music, help you organize your day, read you the news and control your TV. Their set of skills grows each day!
But with all this convenience, an always-listening gadget will always raise privacy and cybersecurity concerns. What if a clever hacker finds a flaw that can turn these smart speakers into secret spy gadgets?
This could be a complete security nightmare to the millions and millions of Amazon Echo and Google Home owners out there! But how likely is it that a massive smart speaker attack will happen? Read on and you'll be surprised by the answer.
Hacking Alexa is not worth it?
So far, the majority of attacks on smart speakers we've seen are all proof-of-concept demonstrations that require tons of technical work and physical access to the gadget. Most of these vulnerabilities are patched regularly by Amazon and Google, so they shouldn't be a big concern for regular consumers anyway.
In fact, according to Jake Williams, a former white-hat hacker for the National Security Agency (NSA), the chances that a hacker will target your smart speaker is actually pretty slim. The reward for the amount of work involved in stealing your audio commands is simply not worth it.
"What we're talking about here is a lot of work," Williams told CNBC's Make It. "(Attackers) don't care what you're talking about at home, they're looking to monetize data."
Simply put, cybercriminals want to steal your personal information and your banking information, and there's no easy way to do that via smart speakers.
"The level of effort to do it is too high in the vast majority of cases," Williams continued. "Your average American just isn't that interesting."
Smart speakers are less vulnerable to common hacks
Due to the way these smart speakers operate, Williams also explained that they are actually less vulnerable to hacks than other internet-connected gadgets like your smartphone or your computer.
Why? Well, unlike laptops that can run an infinite combination of computer programs and web browser plugins, smart speakers are relatively simple -- all they do is listen to your audio commands and return a response from a centralized server.
"If you think about your Echo or your always-on assistant, it really only takes input from two places," Williams said. "It takes (in) you, with your voice, and then it's a stream coming back from the server (at the company.)"
What this means is that hackers only have two options to steal your information from a smart speaker -- directly hack into Amazon or Google's servers or intercept your voice communications to the gadget.
For example, even if you do use your Echo or Google Home for online shopping, your credit card information is not saved locally in your smart speaker, rather it's stored and encrypted in Amazon's or Google's servers.
In fact, if hackers could get to this data, then the security issue is with these tech giants' larger infrastructure, which is a more serious problem in and of itself.
"It's possible that one of these interfaces ... could itself have vulnerabilities, but that wouldn't be a vulnerability in the Echo, that would be a vulnerability in Amazon's infrastructure, and we wouldn't call that an Echo hack," Williams explained.
Turning your house into a smart home is exciting but be careful! Listen to my Komando On Demand podcast to learn how to watch for the warning signs so technology doesn't take over your home.
Phishing scams are still possible
Amazon Echo and Google Home hacking may not be worth the trouble (for now), but since smart speakers are also open to a variety of third-party "skills," opportunistic scammers can exploit these for "phishing" scams and use malicious fake skills to steal your information.
For example, hackers can put out a similar sounding Echo skill for a trusted brand and steal your information and credentials that way.
What can you do to protect yourself?
To protect yourself from emerging smart speaker exploits, make sure you're always running the latest software updates.
For extra privacy, there's also a way to mute the Echo's mics. To turn the Echo's mic off, press the microphone off/on button on the top of the device. Whenever this button is red, the mic is off. To reactivate it, just press the button again.
To mute Google Home, press its physical mute button located at the back of its shell. Similar to the Echo, if this button is activated and lit, the mic is off.
Bonus: review and disable your Echo's skills
To see all your installed Echo skills and disable the ones you don't need or recognize, here's what you need to do.
- Open your Alexa app on your smartphone or tablet, tap the menu icon (the three horizontal lines on the upper left corner) then Tap skills.
- Tap "Your Skills" in the upper right corner.
- This will give you a list of all your Echo's enabled skills, just updated skills, and skills that require your attention (usually for account linking.)
- To disable a skill, just tap on it then tap the "DISABLE SKILL" button.
How to listen to what Amazon Echo has ever recorded you saying
If you own an Amazon Echo, you probably know its strange secret. The device records a lot of what you say. For privacy reasons, there's a way to delete them all. Tap or click here to learn how.