Why Amazon Echo and Google Home are a threat to data privacy
Smart speakers with even smarter voice assistants have become a regular fixture across homes, and with Amazon Echo and now Google Home available in India, expect this wave to sweep over our country too. Google Home and Home Mini speakers were launched in India last week at a price of Rs 9,999 and Rs 4,499 respectively. The Amazon Echo lineup — which starts at Rs 4,999 and goes all the way up to 14,999 — with their smart assistants in the coming days, will try to give us household favourites. But before it does, a number of questions and concerns need to be addressed.
In the wake of the Cambridge Analytica scandal, tech giant Facebook has come under the scanner for its alleged role in influencing the 2016 US presidential elections, changing public opinion at the time of UK's Brexit referendum and even helping Nitish Kumar's JDU achieve a landslide victory in the 2010 Bihar Assembly polls.
With the conversation about privacy and data security taking center stage, companies such as Google and Amazon also being dragged into the debate. Their smart speakers with their voice assistants have given birth to new privacy and security vulnerabilities that could potentially have far graver implications than the Facebook-Cambridge Analytica data leak. And rightly so.
With the range of activities that can be carried out by these speakers, they are potential weak points waiting to be exploited by a hacker who could cause havoc if they gained access to them.
The threat
These smart speakers by their very nature are designed to work in tandem with a voice recognition system that can be summoned by the user to execute commands. All the user needs to do is simply wake the device with a by calling “Alexa” or “Ok Google”, and then ask it to carry out a variety of tasks that range from inquiring about the weather to ordering even more gadgets online.
In the ever-connected age of Internet of Things (IoT) these speakers can also interact with other devices in the users home to help carry out tasks like locking and unlocking of doors, switching on lights etc. From the technological point of view, it is all pretty amazing and is a great convenience for the user, but the hardware that facilitates this – always on micrphones and even cameras in some smart speaers – at the same time, raises certain important concerns.
Google and Amazon recording you
As the digital security firm, Symantec notes in a white paper it published earlier this year, the always listening nature of smart speakers of today means that everything you speak in their vicinity is at the threat of being sent over to backend servers of these tech giants.
Though as per the policy, these smart speakers only listen, record and send to their servers conversations that have been had with them after they have been woken up. However, there have been cases when a glitch or a faulty device has been found to record more than it should.
Case in point, a journalist who was given a Google Home Mini ahead of its general release date discovering that the device was making recordings even when he hadn't summoned the Google Assistant.
At the time, Google played it down by calling it a hardware problem as the "activation button on the device registered phantom touches” and activated by itself. The issue has since been fixed through a software update, but not before it exposed how great a concern such devices pose to the user's security.
They can be hacked
As digital devices connected to the internet, they also are prone to hackers. Amazon's Alexa and Google Assistant can sync with a user's calendar, and access passwords along with other private information that in the wrong hands can turn out to be disastrous.
Speaking to NBC News, Candid Wueest, Symantec’s principal threat researcher, explains how: “Someone could hack into these devices remotely and then turn them into a listening device... Some of them even come with cameras, so they could see what you’re doing, and that’s scary.”
Threat of misuse
But hacking is not the only concern here. A far greater concern that all smart speaker users face is of an unwanted person firing off a command to tricking a smart voice assistant into executing actions that it shouldn't be. This could result in a friend viewing your calendar or accessing other private details that you might not be comfortable sharing with them.
In its report, NBC News quotes Pam Dixon, executive director of the World Privacy Forum: “A burglar could shout ‘open the front door’ and ‘turn off the alarm system,’ if these devices are connected to your digital hub... That’s why I’m not persuaded that using a home assistant to lock and unlock your doors is a good idea.”
Then there is also the chance of an accidental trigger due to similar-sounding trigger words.
Though Google and Amazon have time and again assured users that they have taken measures to ensure unauthorised access to user data on these smart speakers, but in the wake of data breaches that have rocked the digital world, it is understandably difficult to take them on their word.