We may sometimes forget it, but it is always necessary to remember that smart speakers like Alexa and Amazon Echo are nothing more than a microphone connected to the Internet, which for many cybersecurity specialists represents a serious problem. Why do experts consider these devices to be a risk to the users’ privacy?
- These devices never rest
Cybersecurity specialists and users have mentioned that Amazon Echo is always listening, and they are right. Unless the “mute” function is activated, the smart speaker will always be in the expectation of listening to the word that turns it on (wake word).
- Newer models include a camera
Echo Look, one of the most recent Amazon devices, includes a camera that, according to the company, would work to capture user images and share fashion tips. However, Amazon has not specified whether this camera has automatic activation capability or if it includes any type of restriction.
As if it were not enough, cybersecurity specialists fear that future software upgrades will add more advanced capabilities to this camera that could completely expose the user.
- Drop-In feature poses critical privacy risks
Other Amazon devices, such as Echo Show and Echo Spot, also include cameras and microphones, plus video call screens. In addition, they include the Drop-In feature, which has concerned some specialists.
Thanks to this function, a user can make a call and the system will enable the receiver’s device, without them accepting or declining the call; although the company alleges that this function was intended to function as a baby monitor, there are few malicious uses that can be made of it.
- Amazon stores some recordings
According to specialists from the International Institute of Cyber Security (IICS) when Echo hears a command, Amazon stores a recording of the request and the response that the system emits. Although users can delete these records, the fact that the company stores records of their interactions with the system is a serious privacy issue.
- Exposure to hackers
Not only do companies’ invasive policies pose a risk to users’ privacy. A threat actor with the necessary knowledge and tools could take control of any of these devices for malicious purposes.
While it is true that engaging one of these devices is a really complex activity, it is a fact that it is possible to use these devices against their owners, especially if they are purchased second-hand.
- More invasive advertising methods
Amazon exploits the user’s shopping history to recommend custom ads or to give preference to some products when the user is shopping online using only his or her voice. This ability to weight some products above others can even help Amazon generate more profits by selling other developments thanks to Echo, such as Amazon Kindle or Dash Button.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.