Image credit: Daniel Berman/Bloomberg
By Shelly Palmer, CEO of The Palmer Group
Some people believe that voice assistant Alexa is listening all the time. This is true.
Some people believe that Alexa records every word for posterity. This is false.
Some people believe that having an Amazon Echo increases their risk of being hacked. This is also false.
But, there’s more to the story.
Someone found a bug
A woman named Danielle recently contacted Amazon after an employee of her husband received audio recordings of private conversations from Danielle’s home.
Danielle, who had AVS-enabled devices in every room of her home and used them as her Smart Home hub, repeatedly called Amazon until an Alexa engineer investigated the matter.
“They said ‘Our engineers went through your logs, and they saw exactly what you told us, they saw exactly what you said happened, and we’re sorry.’ He apologized like 15 times in a matter of 30 minutes and he said we really appreciate you bringing this to our attention, this is something we need to fix!”
Amazon’s explanation and reaction
Amazon investigated and explained:
“Echo woke up due to a word in background conversation sounding like ‘Alexa’. Then, the subsequent conversation was heard as a ‘send message’ request. At which point, Alexa said out loud ‘To whom?’ At which point, the background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, ‘[contact name], right?’ Alexa then interpreted background conversation as ‘right’. As unlikely as this string of events is, we are evaluating options to make this case even less likely.”
Amazon offered to “deprovision” communication functions on Danielle’s Alexa devices, meaning that she and her husband could still use them to control their Smart Home. Danielle, however, asked Amazon for a full refund for all of her devices.
This is not the first time a smart speaker has misinterpreted what it perceives from the world around it. You may remember a Google Home commercial that accidentally activated viewers’ Google Home devices during the 2017 Super Bowl. Amazon responded to the incident by inventing (and patenting) a way for Echo to ignore the word ‘Alexa’ ahead of its 2018 Super Bowl commercial.
These issues arise in spite of the fact that Natural Language Processing systems are becoming increasingly more accurate. Less than two years ago, voice recognition sat in the 92 percent to 94 percent range. In the past year, Microsoft reduced its error rate to 5.1 percent. Google claims an error rate of 4.9 percent, but it may be using different testing approaches.
So, how secure is Alexa?
Besides mishearing wake words and not understanding your commands, Amazon’s Echo devices have a history of security blips and other worrying behaviors. Here are a few:
- Researchers found that “dolphin attacks”, audio played at a frequency inaudible to the human ear, can control smart devices without their owners being aware.
- Smart devices can be used as spy tools for law enforcement.
- Wired discovered that turning an Echo into a spy device only takes some “clever coding”.
- People have complained about a “sinister” laugh coming from Alexa. (Spooky!)
According to Amazon, all of your spoken commands are stored as text in Amazon’s cloud. You can see your history in the Alexa app. Unless you opt out, Google stores a history of every interaction you have with Google from every device. Facebook has your complete Facebook history. Every website or app you’ve ever visited or used has the ability to keep a record of every interaction you’ve ever had with it. Honestly, there’s nothing new here. Nothing.
Could hackers get your Alexa history?
Hackers can get anything they set their minds to. Anything that can be hacked will be hacked.
If law enforcement served Amazon with a warrant to obtain your AVS records, the time stamps of the commands could place someone (not necessarily you because, at the moment, Alexa does not recognize who is speaking) at the scene of a crime or help an investigator put together a theory of a case. But this can be done with any or all of your digital interactions – credit cards, phone, computer, etc.
What happens next?
In spite of these worries and security risks, smart speakers, led by Amazon’s Echo products (with over 22 million units sold last year), are on pace to be found in over 55 percent of US households by 2021 and are becoming the fastest-adopted consumer electronics devices, reaching a 50 percent penetration in just three and a half years. (The smartphone took five years.) It’s projected that Echo devices will generate $7 billion in retail sales by 2020.
If you’re really paranoid, don’t buy an Echo or any smart speaker. That way, you’ll only have to worry about your smartphone spying on you … and your laptop … and your TV … and your microwave … and don’t forget government satellites and your run-of-the-mill James-Bond-Cold-War-Era, wiretaps, and laser-based eavesdropping tools … Just because you’re paranoid doesn’t mean they aren’t after you.
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it.