The unprecedented spread of the COVID-19 has left commercial buildings empty, with most of the global workforce now working from their homes where possible. The threat of coronavirus has disrupted modern working life as employees embrace remote working and shift to a ‘home office’.
According to ABI Research, almost 79 million homes will have a connected device by 2024. There’s no doubt that smart speakers and voice assistants such as Amazon Echo, Apple HomePod and Google Home have helped to make our lives easier and more convenient. Yet as smart speakers become increasingly popular, users are also becoming increasingly concerned about their uninterrupted access to their homes and personal information.
Last year, there was a vast increase in IoT-related data breaches specifically due to an unsecured IoT device or application compared to 2017, up from 15% to 26%. In recent years, smart speakers have expanded their abilities far beyond simply helping us select music or set kitchen timers. They now assist us with everything from scheduling our daily calendars to controlling other smart devices from within the home.
According to a report from Northeastern University, smart speakers accidentally activate as many as 19 times a day, recording as much as 43 seconds of audio each time. Recent research also suggests that 59% of smart speaker users have privacy concerns, with unwanted listening and data collection being front and centre.
In 2018, Amazon was accused of recording personal conversations using virtual assistants when its Amazon Echo device had recorded a conversation between a husband and wife and then sent it to the husband’s employees.
Unfortunately, this has not been the first report of smart devices listening and recording conversations. In October 2019, a vulnerability affecting Google and Amazon smart speakers was widely reported. According to researchers, malicious cybercriminals could easily upload voice controlled apps that secretly record users and ask for their passwords. This type of attack which is known as voice phishing or vishing, is a phishing attack that is conducted by phone and often targets users of Voice over IP services.
Amazon has also come under fire as the organisation openly employs thousands of workers to transcribe and annotate conversations which are then fed back into the software as part of an effort to enhance its understanding of human speech and help Alexa respond to commands better.
A spokesperson for Amazon said “We only annotate an extremely small number of interactions from a random set of customers in order to improve the customer experience. Amazon uses this information to train its speech recognition and natural language understanding systems, so Alexa can better understand requests and ensure the service works well for everyone.”
With more people working from home than ever before, many employers are urging their staff to power down the technology in order to keep it from listening to confidential conversations and conference calls.
However, privacy concerns are not the only threat which are putting employees at risk.Hackers also recognise that these technologies are relatively new, which means that many of them still lack substantial security measures. As many devices have shared vulnerabilities, one connected device can easily lead hackers to another, enabling them to collect more personal data which they can then sell online, use for ransom and even commit financial fraud or identity theft.
With the right precautions, users can learn how to live alongside these gadgets successfully and safely. To secure your smart speaker when working remotely, there are a several steps to take:
Avoid Sharing Sensitive Data
Never share information with your smart speaker, such as passwords, credit card details, and various other personal identifying information that criminals can use to target you and your family. If an app on your device asks for this type of information, it could be a malicious piece of software.
Users should also regularly review and remove the voice clips associated with their devices. If you notice some records have details that you would prefer to keep private, delete them by following the steps each brand provides in its help documentation.
Disable Purchase Commands
Devices such as Amazon Echo and Google Home enable users to make purchases with a simple voice command. Essentially, this means that anyone with access to your device could make purchases with your connected account. By disabling Voice Purchasing, users can still shop with their virtual assistants and add items to their cart. However, they will not be able to complete the transaction from the speaker itself.
Enable Two-Factor Authentication
Enabling two-factor authentication offers an extra layer of defence in protecting the security of your personal information. In addition to a password, two-factor authentication requires a second piece of information to confirm your identity. For example, if you wish to connect third-party apps or make a payment, you can require the device to send a confirmation code to your smartphone. This reduces the chance of a hacker being able to gain easy access to your accounts.
Secure your Wi-Fi
Any traffic to and from your smart devices must pass through your home’s Wi-Fi connection and as such, a secure home network is key to securing your smart home devices. If your router supports multiple networks, consider creating a secondary network just for smart devices. You should also update your Wi-Fi software to protect the network security of your home. The router’s firmware like any other type of software can contain vulnerabilities that hackers will look to exploit.
Turn on Voice Recognition
Many smart speakers now have the capability to recognise different voices. To reduce the risk of unauthorised users issuing commands, consider enabling voice recognition. This allows you to limit who is able to use the device and enables the device to identify your voice and respond to authorised commands.
Configure your Personal Data Settings
By default, some smart speakers are configured to use your personal data to improve and enhance your experience. Users should review their privacy settings and be informed about what their personal information will be used for.
Limit Connected Devices
Although it may be appealing to connect all the smart devices in your home, users should be aware of the security concerns. Before you connect multiple accounts to your device, consider the consequences that could result if a hacker gained access to your smart speaker.
Turn off the Speaker When You’re Not Using It
The most simple step to secure your smart speaker is to turn off your device when you’re not using it. If you are concerned about keeping your phone calls private while working from home, unplug your smart speakers or hit the mute button on the speaker itself for peace of mind.