Smart speakers like the Amazon Echo and Google Home bring new a technology into our lives, providing us with convenience and entertainment. But do they also bring new dangers into our homes as well?
Is Amazon spying on us?
Some people have become concerned about the fact that Echo devices are on and constantly listening, and that Amazon might be spying on us.
Amazon has responded to that by saying that Echo devices only listen for the wake word, and that nothing is sent to their servers until a device hears that wake word. Then, whatever follows is processed by their servers as commands. Otherwise, no information is sent, and no spying is going on.
There WAS an incident that happened recently, where an Echo at someone’s house heard a string of random sounds in a conversation that sounded like a series of commands. Somehow, it basically HEARD “Alexa”, and “send a message to Bob” and then it recorded what was said and sent that recording to their friend Bob. Bob got the recording, called them back, and let them know what was going on. The media got wind of what happened, and for about a week the story went viral. Amazon keeps a recording of all the commands that are sent to its server (which IS concerning) and it had its technicians analyze the recording. They figured out what happened, and assured the public that what happened was rare and unusual, but possible, given the large amount of sound that surrounds us each day.
Are other companies spying on us?
That day is coming. Since 2015 we have been hearing warnings about a device tracking technology called SilverPush which uses ultrasonic signals embedded in audio content, to track our location, habits, and media consumption. They are the real-world version of web page cookies.
It works like this: Suppose you have downloaded one of the hundreds of Android apps onto your phone that have secretly bundled the SilverPush technology. Your phone is now constantly listening for SilverPush signals (ultrasonic signals that are outside of the range of human hearing – kind of like audio bar codes). They might be included in a TV or radio ad. Your phone is now tracking and logging what ads play on your TV. If an advertiser places different signals in different ads, they can tell exactly what station and show you were watching, and when. Websites that you visit could play the sound, and now that is logged too. This can also track where you physically go – for instance, a display sign at a shopping mall might be playing an audio beacon, and now your phone has logged that you were there – and when. Over time, a profile of who you are, where you go, and what you might buy is built.
Which brings us to our smart speakers. Devices which play sounds, and listen for sounds, in the privacy of our homes. Designed and built by companies who make all of their money from targeted advertising or selling us their products. Is there a more natural fit, than for a company’s device to study their customer? It is inevitable that smart speakers will eventually be used for this purpose.
Are governments listening in?
Probably… yes. In 2013, a government contractor named Edward Snowden (illegally and heroically) showed us tons of solid proof that the U.S. National Security Agency has no regard for the privacy of U.S. citizens, and has developed tools to secretly collect our emails and text messages, and has been listening in on, and tracking our private phone calls FOR YEARS. And in bulk, since the 9/11 attacks. You know. To keep us safe.
Given this – and the fact that we are now putting multiple network connected cameras and microphones throughout our homes (Echos, Google Homes, webcams, our cell phones, our laptops) – only a fool would think that both government agencies and local law enforcement are not drooling over the treasure trove of information that they could be gathering from listening in on our devices. Of COURSE they are – either trying to develop the tools, or are already listening in on them. And if it’s the NSA, they probably have a cool name for it like Quasar or Neptune or something. Their spy programs always have cool names.
It’s not just the U.S. government that does this. In 2009 the New York Times reported that the Chinese government had been caught spying on the Dalai Lama through his computers. It’s common, it’s widespread, and the internet knows no borders. People could be tapping into your devices from literally ANYWHERE. Now days you have to choose between disconnecting and keeping your privacy, or plugging in and risk someone listening to you.
How much damage could hackers do?
Hackers look for, and ALWAYS eventually find vulnerabilities in the software that controls our internet connected devices. They use the flaws that they find to take control of the device.
They might commandeer your wifi router or laptop to join a DDOS botnet attack network that can bring down websites. They might be trying to steal your personal information to commit identity theft. They might want to scramble your information and hold it hostage until you send them some bitcoin.
“Smart home” devices bring a new kind of threat from hackers. Depending on what you have installed in your house, in theory, hackers could:
- Turn your lights on, or disable them.
- Control your thermostat (imagine shutting the heat off and freezing your pipes in the winter, or running a networked portable heater until it catches fire).
- Watch you through your security cameras. If you are not a perfect angel, they could record you doing or saying something and blackmail you with it later.
- Run your coffee maker until it catches fire.
- Lock and unlock your doors. (Imagine a burglar shouting through a crack in the window “Alexa! Unlock the back door!”.
- Open your garage door.
- Start your car, or disable it.
- How about closing your garage door and THEN starting the car? There’s a lethal combination for you!
I personally love the idea of an internet connected home, but until someone designs perfect security from hackers, I won’t install anything in my home but lights. (And I DO love my Hue lights!)