Alexa Privacy Fail Highlights Risks Of Smart Speakers
The revelation that a woman in Portland, Oregon, had her private conversations secretly recorded by the voice-controlled Amazon virtual devices in her home and then sent to a random contact in Seattle has caused mounting concern about vulnerabilities behind the burgeoning technology of so-called smart speakers.
The concern is warranted, said Jennifer King, director of consumer privacy at the Center for Internet and Society at Stanford University, because this type of advanced technology is not fully understood by consumers.
“We are basically testing fodder as they roll out more and more technologies that are based on artificial intelligence,” King told NBC News. “These companies are crowdsourcing these algorithms. As a consumer, you’re basically helping them learn as they go.”
One of the biggest problems with all this technology is that the emphasis is on ease of use over security, said Rebecca Herold, CEO of the consulting firm Privacy Professor.
“In this case, relaying only the word ‘Alexa’ can get the digital assistant to start communicating and acting,” Herold said. “It’s the security equivalent of using a computer password that’s 1-2-3.”
Considering these devices listen on a continuous loop, “I would have grave concerns about using one in my own home as a privacy researcher,” King added.
In the growing battle for that consumer base, Google and Apple have released their own counterparts, and Facebook reportedly is developing its own version.
All of these companies started out on the Internet, which has traditionally had a culture of launching products before they’re entirely ready and debugging in real time, King said.
The upside of these devices is that they offer a simple user interface and unique capabilities, such as regulating temperatures in different rooms, turning on lights, sending emails, ordering pizzas and much more.
Those features, however, can overshadow the security issues inherent in providing access to a home network.
Herold points to the backlash in 2015 when parents discovered that Hello Barbie, an interactive toy that recorded children and sent the data over the internet, was vulnerable to hackers who could access that information.
More Americans are becoming wary of technology and concerned about cybersecurity — especially in the wake of the Portland incident and other high-profile data security issues such as Facebook’s Cambridge Analytica scandal.
Amazon didn’t provide the most reassuring explanation either.
“Echo woke up due to a word in background conversation sounding like ‘Alexa.’ Then, the subsequent conversation was heard as a ‘send message’ request. At which point, Alexa said out loud, ‘To whom?’ ” a rep for the online giant said in a statement to the tech site Ars Technica.
“The background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, ‘[contact name], right?’ Alexa then interpreted background conversation as ‘right.’ As unlikely as this string of events is, we are evaluating options to make this case even less likely.”
Experts say that these virtual assistants must do a better job at partitioning different types of information with different layers of security to prevent private information from being so easily shared. Not that the concerns are slowing down the rapid growth of the technology: One homebuilder is working on integrating Amazon’s Alexa through entire houses; Toyota is adding Alexa to its cars; and Amazon announced that there will be Alexa for workplaces.