Alexa, Tell me About Your Cyber Security

April 29th, 2019
Alexa, Tell me About Your Cyber Security

According to a Symantec report, more than 20 million Amazon Echo devices are installed in the United States alone, making Alexa by far the most popular virtual assistant. But, despite their immense popularity, many people don’t know the security risks associated with smart speakers. So, in this blog article you’ll learn about some of those risks and how to protect yourself and your business.

It Doesn’t Stop Listening

Though Amazon has repeatedly shut down rumors that Alexa-enabled devices, like the Amazon Echo, are recording all the time, the devices are always listening for the wake word. When you talk, the speaker will locally process the audio it hears. If it doesn’t hear the wake word, the audio information doesn’t leave your device. If it does hear “Alexa,” however, the speaker sends your command to Amazon servers where it will be processed.

Your Discussions are Recorded

When you give Alexa a command, Amazon keeps a recording of the conversation and ties it to your account. You can go into your account and delete these conversations at any time, but many users don’t know about this feature.

Smart Speakers are Vulnerable to Hacking

If someone were to hack into your Amazon Echo, they could potentially use its microphone – and camera on the newer models – maliciously. This isn’t something a hacker could do quickly, but it does raise flags about buying used models online.

Your History is Helping Amazon Sell to You

Just like how companies use your Internet search history to advertise similar products to you, Amazon hopes to take your conversations with Alexa to better build your profile and present more relevant ads to you. Further, Amazon can partner with various brands to advertise for them. For example, if you tell Alexa to order more toothpaste, she could say, “How about Crest?” If you have a preferred toothpaste brand, you might specifically request it but if you are indifferent, you will likely purchase the first product Alexa mentions.

After all that, smart speakers are still incredibly innovative and useful tools. To ensure your data stays secure, here are some tips:

Secure Your Network

Your smart speaker and the data it holds are only as secure as your Wi-Fi network. There are many things you should do to secure your network, but here a few to start with:

  • Update the name of your Wi-Fi network (SSID)
  • Setup a strong password, and change it regularly
  • Hide your Wi-Fi network / SSID
  • Turn off remote management
  • Turn on and properly configure your firewall
  • Keep your firewalls firmware up to date

Strengthen Your Amazon Password

Your data obtained through Alexa is available to anyone with access to your Amazon account – including family members or friends you share an account with. This also means that if your Amazon account is hacked, the hacker has access to all the recordings from your device that haven’t been deleted. Keep your data secure and create a strong password for this account.

Change the Wake Word

Changing the word that wakes Alexa up is a great line of defense. Try and choose a word you are very unlikely to use in everyday conversation. This way, Alexa will only record when you say this word. It’s also important to note that Alexa’s sound sensitivity is quite high, so the speaker can pick up strangers’ voices through closed windows or the wall. It is also possible to turn off the microphone entirely.

Delete Old Recordings

You should make it a habit to regularly login to your Amazon account and delete old recordings. To do this, open Settings > History in the app or in the dashboard at Amazon.com. Old recordings will remain available until you manually delete them, so it is really important to review what data is available on your account.