Science fiction has finally arrived and it is here for good, and bad. In this automated world, we have graciously surrounded ourselves with smart assistants—such as Google Assistant, Alexa, and Siri—who obey our commands. As per a 2018 report, Amazon Echo and Google Home installation counts have already crossed 50 million. Since the past few years, there have been multiple instances of these devices being exploited to spy on people.
The privacy and security issues in these devices range from voice recording leaks to the abuse of these devices by malicious actors, who continue to exploit vulnerabilities in these devices to date.
Threats, Threats, Threats
A report by Security Search Labs discusses both the phishing and eavesdropping vectors in smart speakers from Google and Amazon; both exploitable via the backend.
In its disclosure note, the report acknowledges that the vulnerabilities were shared with Amazon and Google through their responsible disclosure process.
Also, in other research, ESET Smart Home researchers found Amazon Echo 1st gen and Kindle 8th gen devices vulnerable to two KRACK vulnerabilities; which may also lead to user credentials leak. Initially discovered in 2017, the threat still exists for many Wi-Fi enabled devices.
According to the ESET team, the vulnerabilities allow attackers to:
As per the report, Amazon distributed a new version of software application wpa_supplicant to fix the vulnerability. You’re safe if you have it. Or, you can go into Echo and Kindle settings to ensure the latest firmware.
Amazon, Google and Apple’s Human Vetting and Conditions
Earlier this year, we also came across not-so-surprising revelations about how giants themselves, or via contractors, hear the recordings without the knowledge of the device owners. After whistle-blowers’ reports on Siri recordings and Alexa activations, many security groups raised concern on the degree to which they listen to humans.
How to protect yourself from someone else listening?
Amazon and Google has offered straightaway solution to disable human vetting for their virtual assistants, whereas Apple plans to release a software update that will let people opt into its program for quality control.
Listed below are some ways to minimize the information shared with the companies through various assistant devices.
For Amazon: Alexa devices include a physical button to disable their microphones.
Amazon also provides the Alexa privacy hub, which contains a thorough explanation of the types of data collected by the virtual assistant and how its privacy settings can be changed.
For Siri: You may choose to disable Siri on an iPhone to erase your data and reset your identifier.
For Google Home: There are several privacy settings for Google Assistant on Android phones and Google Home smart speakers to tweak controls.