- Third-party software on your device can eavesdrop on your conversations
- Amazon sold nearly 10 million smart speakers in Q1 of 2022
- Whatever you say to your smart speaker is collected as data
Smart devices have become a modern home essential, allowing for seamless integration with household appliances and providing better experiences with the products you already own. However, the convenience of a smart speaker may come at the price of your privacy.
In the first quarter of 2022, over 30 million smart speaker shipments were made, worldwide. Amazon is the market leader in the smart device industry, selling nearly 10 million smart speakers in the first quarter, compared to Google and Apple which had shipments of 6 million and 4 million, respectively.
Cybersecurity experts from VPNOverview investigated the privacy risks associated with owning a smart speaker and what you should do in order to protect your privacy.
Always on, always listening and sometimes watching
By design, smart speakers are ‘always on’ awaiting for its command word. Though there is an option to manually wake the device, this takes away from its purpose and convenience.
Smart speakers can misinterpret certain words or phrases as their wake word, ultimately taking action from what was said. This may lead to things turning on/off, awkward messages/calls being made or even purchasing items without your knowledge.
One way to deal with this is by having the mic muted on your device. All smart speakers have the option to manually turn off the microphone, however, this completely removes the convenience of the device. As opposed to using voice to turn on, the user will have to manually wake the device by pressing it and saying the command or question.
Furthermore, smart speakers record and save what is being said after hearing the wake word. This is to help with creating routines for the users, as well as helping developers improve the functionality of the device.
To deal with these risks, users will have to use the in-app settings of the smart speaker to change how or if their data is used. They can also change the wake word, and this can help minimize the speaker misinterpreting conversations for commands. Picking a wake word that is more bizarre will reduce the likelihood of the device misinterpreting conversations as commands.
Third-party software risks
A common misconception is that when users interact with their smart speaker, they assume their data is only collected by first-party developers (Amazon/Google/Apple etc.). Certain commands and skills of the speaker are actually created by third-party developers.
When a user downloads and utilizes a skill on their smart speaker the data, as well as other account information can be given to third-party developers creating a risk.
Some of these third-party skills are not thoroughly moderated compared to skills provided by the manufacturer. Therefore this can become a gateway for hackers leading to leaks of information, as well as potential eavesdropping.
A way to deal with this is by ensuring that users only use skills and software that first-party developers have provided. Users can also use a VPN to provide an added layer of protection as this will create an anonymous connection to the internet.
2SV/2FA (Two-step verification/ Two-factor authorisation)
Smart speakers have the ability to purchase items. This is why Amazon’s Alexa is very popular in kitchens and pantries, as you can purchase household items as and when they run out.
This creates a security risk as anyone can use the speaker to make transactions. One way to deal with this is by making sure two-factor authorisation or two-step verification is enabled on your device. This will send a code to your phone via text or via an authenticator application, providing an added layer of security for users.
VPNOverview says that “the convenience of smart devices comes with the cost of our privacy. There are no other options to a smart speaker that provides this level of convenience, entertainment, and education”.
As long as users are careful with the speaker’s placement, how they use it and by ensuring their account is set up correctly, they can prevent possible hacks and sharing of unwanted data.”