Smart speakers have become a regular in many modern homes. But even though we can benefit greatly from them when performing our daily tasks, they are not completely safe in terms of user privacy and security. So let’s explore the security risks of smart speakers and how to better protect yourself.
What are smart speakers?
In case you’re not familiar with what exactly smart speakers entail, we’ll start by briefly walking you through it.
Smart speakers are voice-controlled devices that enable users to perform everyday tasks with simple voice commands. This could be:
- Setting an alarm
- Turning on the lights
- Calling a person
- Turning on the radio or playing music
- Controlling other smart home devices
Smart speakers are a form of IoT device, which means it is often connected to other smart devices. This is one of the things that make smart speakers a potential threat to your security and privacy as the compromise of just one device can rapidly infect the rest of your smart devices. For example, if your smartphone gets hacked, your connected smart speaker might easily be next in line, enabling the hacker to eavesdrop at any given time.
Popular smart speakers at the present time include Amazon Echo, Google Home, and Apple HomePod.
Eavesdropping at all times
In order for the smart speaker to operate ideally, the microphone is always on and ready to pick up speech. Smart speakers are constantly passive listening for so-called wake words to trigger them. This could be, for instance, "Hey Google", "Hey Siri", or an alternative wake word you’ve chosen yourself. However, words similar to the chosen wake word might trigger the smart speaker as well. This means that you can unintentionally activate the device if the speaker picks up a word that triggers it. As mentioned, the speaker is listening at all times by default – whether you’ve triggered and activated it or not. The difference is that once you’ve activated it, the speaker starts recording. And such recordings will be stored.
In principle, anything may be recorded, including private conversations and potentially confidential information. Recordings are not only stored locally on the device, but will also be stored in the cloud, representing its own risks. This could be, for example, the risk of third party access or a data breach, which we’ll get back to. As with all types of confidential information, hackers are quick to find ways to get their hands on it.
In plain words, having a smart speaker and principally any smart device, is like having a constant security threat lurking in your home.
The risk of vulnerabilities
Like any software, smart speakers are also at risk of having vulnerabilities which, ultimately, can lead to hacker attacks. When a vulnerability is discovered by a hacker, they can exploit it to gain control over the smart speaker and subsequently hack into your remaining smart devices at home.
This is also why it’s so important to regularly check for new updates – and to update as soon as a new update is available. When you update your software, you patch potential vulnerabilities and make sure to keep hackers at bay.
Privacy issues
Besides the risk of your smart device being hacked, you should also beware of the data harvested and stored by the vendor. Even tech giants such as Google and Amazon have been sued over how they manage user data acquired by their smart speakers.
It's quite common for software product vendors to collect user data to improve their services and user experience. This is usually something the user consents to. Yet, user data might potentially be misused or shared with third parties without the user giving explicit consent. Therefore, it’s important to carefully read the vendor’s privacy policy and make sure to opt out of data collection when possible.
Another security threat relates to the risk of breaches. Since smart speakers store significant amounts of data such as voice recordings and user preferences, it can have serious consequences if a vendor’s servers are breached. If this happens, your most sensitive and private data could be exploited for malicious purposes.
Security best practices for smart speakers
Fortunately, there are a few things you can do to limit the potential risks of using a smart speaker.
- Review voice recordings and privacy settings: If your smart speaker has an associated app, it’s a good idea to regularly check the voice recordings saved there. If necessary, you can delete them. Generally, it’s a good idea to review your privacy settings to limit the usage of your voice recordings.
- Mute or turn off the speaker: Make sure to mute the microphone or turn your smart speaker off when you have private or sensitive conversations. In general, it’s a good idea to disconnect devices when they’re not in use. This helps you limit the attack surface and reduce the risk of unauthorized access and spying.
- Be careful what you say: Would you ever tell your passwords or confidential information like credit card information to other people? We hope not! In the same way, you should never give sensitive information to your smart speaker as you can never be entirely sure where it’ll end up.
- Choose a reputable brand: When choosing a smart speaker, it's a good idea to opt for well-known brands as they typically have better security measures in place than cheaper unbranded or replica smart speakers.
- Always use strong, unique passwords: We’ve said it before – and we’re happy to say it again: Always use strong and unique passwords for all of your accounts, including accounts associated with your smart speaker. Consider using a password manager, which is a useful tool if you want to easily increase your password hygiene. You should also enable multi-factor authentication wherever possible.
Concluding remarks
Many users find the degree of functionality and convenience that smart speakers offer to be desirable. Still, it's impossible to overlook the dangers of hacking and privacy concerns. That’s why it’s important to implement best practices to protect your confidential information and privacy.
A good rule of thumb is to consider smart devices vulnerable by default. Always remember that no software is 100% secure, so use it with caution.
Emilie Hartmann
Emilie is responsible for Moxso’s content and communications efforts, including the words you are currently reading. She is passionate about raising awareness of human risk and cybersecurity - and connecting people and tech.
View all posts by Emilie Hartmann