The voice-activated assistant boom has inspired fears of tech companies playing Big Brother and eavesdropping on consumers' most intimate conversations. New research reported by The New York Times suggests that a bigger threat may be third parties sending messages to Alexa and Siri that their owners can't hear.
In 2016, researchers from the University of California, Berkeley and Georgetown University demonstrated that hijacking someone else's smart device to activate airplane mode or open a webpage without their knowledge was as easy as hiding the command in white noise. Some of those same researchers from Berkeley further explored this vulnerability in a new study. They found that voice assistants can hear commands concealed in regular recorded audio. Many voice assistants can be programmed to make online purchases, unlock doors, and make digital payments—all commands that hackers could potentially use for their own gain.
Even with all their privacy concerns, voice-activated assistants continue to gain popularity. Over 20 million homes use devices like Amazon Echo and Google Home to do things like make calls, search the web, and control appliances hands-free. But without the proper security measures in place, features that are convenient in one moment can quickly turn disastrous. One way to protect yourself is by password-protecting sensitive commands like online shopping, or disabling them all together. And remember that connecting your whole life to Alexa, including your accounts, passwords, and contacts, leaves you vulnerable to a single attack.
You can set up every privacy protection imaginable, but in the end there's not much you can do to hide your information from the corporation that owns your home assistant. As long as it's on, it's always listening and recording every noise it hears. Remember to delete your saved recordings on a regular basis. You can also switch off the microphone whenever you want your personal conversations to stay private and to delete your recordings regularly.
[h/t The New York Times]