This is the age of the Internet of Things. Internet-connected intelligence is being built into everything around us. Automation is popping up where you would least expect it. Just about every aspect of our lives looks to be changed by cloud-powered artificial intelligence.
This all sounds great, but for people who care about privacy issues it raises many red flags. Already we have seen that many cheap IoT devices have weak security and can serve as an entry point to compromise or spy on your devices and home. IP camera hacking is but one example of the mischief hackers can get up to thanks to lax security standards when it comes to IoT products.
The biggest product in IoT at the moment has to be the Smart Speaker. Amazon, Apple and Google have all brought out products that provide a voice link to their services. You can speak up and ask these speakers for news, facts and of course to buy things. They also act as smart home control systems. So if you have other IoT devices you can often control and interact with them through your smart speaker. It's very convenient and impressive, but it could be a major privacy issue.
How it Works
You see, these speakers are activated whenever you say a trigger word or phrase. It would be something like "Hey, Siri", "OK, Google" or simply "Alexa" in the case of Amazon's offering. In order for this to work the microphones built into the system has to be listening and recording everything said around it all the time.
So the main privacy concern is that people have voluntarily installed wiretaps in their own homes. Certainly governments would love to have access to any archived recordings that these speaker
The Good News
Before you get too worked up about it, these speakers don't actually send any data for cloud-based voice recognition until you utter their so-called wake word. Which means that everything being said in your home is not being stored anywhere. However, if the wake word is said then a log of what has been said will be kept on the cloud service. You can usually review this log and edit or delete it as needed, but the bottom line is that those recordings have bee taken outside of where you have full control of them.
It's very unlikely that companies like Google want to perform surveillance on you, but that doesn't mean the technology can't be co-opted by hackers or government agencies!
The Hacker Threat
The nightmare scenario here is a lot like the one we've already seen with IP cameras and webcams. Hackers find an exploit to take control of the device, which can then be used to watch unwitting victims. What's to stop them doing the same thing with your new smart speaker?
Well, one key difference is that these smart speakers operate as nodes of a massive AI cloud network service. An IP camera is a lone internet-connected device that's rather vulnerable to attack on many levels.
A smart speaker is not under your control, but under that of a sophisticated technology giant. I don't know if that should make you feel better, but it does mean the challenge of hacking such a smart speaker is not a trivial one. Moreover, if an exploit were discovered Google or Apple could roll out a fix very quickly indeed. It could block speakers that have not been updated as well. Overall the chances that a hacker will significantly compromise these speakers seems rather small. Then again, it only takes one lucky person to discover a devastating exploit.
Aren't Smartphones the Same Thing?
This is a fair question to ask. All of these voice assistants started life on mobile devices and still live there. What's the difference between using Siri on an iPhone or iPad and using it on the Homepod?
Your phone has to listen for the wake word all the time too. In fact, even without any sort of smart assistant, the CIA can allegedly turn on your phone remotely. The best privacy move is not to have a smartphone at all, since it tracks your location and can collect much more info about you.
The general privacy risks of a smart speaker then has to be held up to that of the smartphones so many of us are willing to carry around. If you're willing to have a smartphone, why aren't you willing to have a smart speaker? The answer to that question will tell you a lot about your attitude to privacy.
How To Protect Yourself
The attack vector you have to worry about the most isn't the actual speaker, but your cloud account with Google, Apple or Amazon. If hackers get access to your account they can also access the logs of things you've said following the wake word. So practice good security when using these service:
- Use a unique, strong password
- Turn on two-factor authentication
Since your actual data is stored on the cloud service nothing much can be done unless your account credentials are compromised.
What about the data as it travels to the cloud? Can't it be intercepted? Well, yes. However, these major players all use secure encryption to protect against exactly this sort of thing. Even so, you should seriously consider VPN privacy to really make this route impossible. Check out our 2018 VPN selection for some of the best choices.
In the end it's hard to say no to a convenient technology such as AI smart speakers, but it's important to base your purchasing choice on a realistic understanding of the risks.