Not just speakers, but the voice recognition and processing tech are advancing at an alarming rate. These technologies make us all feel like we are living in the 22nd century instead of 21st. And while all this is well and good, our privacy and security are also being compromised at a rapid rate. So before you go on and ask Alexa for the weather outside today, ask yourself first- was she listening to you all this time? Without you even knowing?
Smart Speakers May Or May Not Record Confidential Conversation!
Even though it is hard to believe, it is true. Smart speakers like Apple's HomePod, or Google Home can record conversations and send them to anyone on and off the user's contact list.
According to news, one portland couple had their private discussion taped and sent to a person on their contact list. Every room of their house was connected with an Alexa speaker to control heat, lights, etc.
According to Amazon's response to this occurrence, this is a rare thing to happen for Alexa devices. The official respondent on Amazon's behalf said that the device picked up on background noises and interpreted it as a send message request. Similarly, it interpreted the background noises as the recipient's name and confirmation as well and sent out the recorded conversation.
The above incident is a rare occurrence. But there's one thing that's definitely happening to a smart speaker user. And that is the use of their data to train the smart speaker AI.
Where Does Your Voice Command Go?
So you have a date and asked Alexa to find you the perfect recipe to impress your date with your cooking skills. But where did your voice command go after the query was answered by the AI speaker?
We are all aware of how AI-based speaker technology works. It keeps listening for the wake word, once it detects the word, records the command, sends it to the processing cloud, and then receives the response back from the cloud and repeats it back to the user. The voice command is definitely stored for a little while. But what happens after it is completed? And how much of this data can the employees read?
Well, it might surprise you but the voice data are actually used to train the AI assistants used in the smart home speaker system. According to a report one by Bloomberg, Amazon employs a large team of employees to listen and decipher various recorded data in order to refine the system.
Everyone believes that smart technology becomes smart on its own. But in reality, it requires a lot of data and a lot of training to create an AI-based smart technology. So it is not really surprising that user commands and requests are being used to train the system for AI-bases speakers.
The manual effort of Amazon's team of employees to sort through the data and train the AI better might be a regular enough practice. But to a lot of users, the fact that their requests are being listened to and used is alarming. What's more, is that Amazon does not explicitly state that humans are going to listen to the recording to refine the system. In their list of FAQs, they state the use of user requests to Alexa to train and improve the voice processing system.
The users can still disable the use of their data to train the AI system. But what happens when a third party with a malicious purpose is eavesdropping on them? What happens when their smart speaker is hacked?
Vishing Attacks and Smart Speakers: Who Is The Victim?
Despite the fact that hacking AI-based speakers are not very useful, hackers still aim for these devices because of easy vishing possibilities.
Findings by SRLabs shows how these AI-based speakers are in danger of being hacked through various applications. The creators of these apps such as Skills for Alexa have access to the user details easily. These apps can be used to phis for delicate details such as banking details, addresses, passwords, etc.
Vishing attacks are more dangerous when the smart speaker is placed in an office. It might be tempting to make the office smarter with a connected smart speaker, sure. But at the end of the day, this raises the chances of important business data being revealed to the hackers out there. And that's why as the COVID-19 pandemic pushes everyone to work from home, companies are asking their employees to switch off their smart speakers when working.
Now that we are aware of how smart speakers are listening in on our conversation (whether willingly or not), we need to learn about the security measures to keep this from happening.
So is There A Way To Stop Alexa From Spying? Do's and Don'ts
There are inbuilt options to protect user data and privacy for these smart speakers. For Alexa devices, users can turn off the "Help develop new features" and "Use messages to improve transactions" options to keep the data secure. Google Home users can simply turn off the voice detection using a wake word and go from there. But what other security measures can they take? Here's a list of do's and don'ts for the smart speaker users to amp up their security.
Do: All Your Past Commands, Delete Them
All the commands the users speak out are stored in the cloud system for a time period. But, they can also be deleted.
Users can delete their data from the Alexa app, or Google home apps. This way earlier data and requests can be wiped and ensured that no data remains that can be used for malicious attacks.
Don't: Keep It On All The Time
For convenience sake, users have a tendency of keeping their AI-based speakers on all the time. And that is a big mistake. These speakers are activated through a specific wake word. And when they are turned on, they are always listening for the wake word. And in such a scenario, the only way to prevent these speakers from listening all the time is to turn it off. Only turn them on when you have to use them.
Do: Use Encrypted WIFI
The usage of non-encrypted networks is always dangerous. But using an untrustworthy network to run smart speakers can become even more dangerous. On such a network, the smart speaker is going to be even more susceptible to be hacked and used for Vishing scams. So when using smart speakers, connect them to an encrypted network.
Don't: Connect everything
The users are often tempted to link all their devices with Smart speakers. And that's why they will link all of their IoT devices with the smart speaker. While this does increase convenience, it also creates multiple points of the breach for hackers to exploit. That's why linking all the IoT devices to one smart speaker is a bad idea and users should not be doing so.
Do: Use Strong Password
It is a statutory warning for all the users from every online service provider. Using tough passwords makes it harder for hackers to access private details illegally and use it for malicious purposes. So while signing up for any service, follow the right password protocol and set a hard to guess password.
Wrapping Up: Voice Processing And The Security
AI-based speakers come with various security risks. But does that mean we will stop using them?
The answer is No.
The only way to make the best of any situation is to be aware of the security risks and what solutions we can use to get rid of those issues. And just like that, the users of AI-based speakers can find out all they can about the risks and solutions and explore the vast possibilities of the technology.