Lately, our life has been bombarded with voice assistants; they are becoming popular with making our lives easier and convenient. But the question arises, are these voice assistants a cyber-security threat to our personal and confidential information? Over 56 million voice assistant products were sold in last year all across the globe as per the survey conducted by Canalys. The most influential companies in these sectors are Apple, Google, Amazon making products like Siri, Google Assistant, Alexa which are now omnipresent in our homes, offices, transportation, and even on our phones. No doubt they are a great tool for making our lives far better saving our time but it can also not be denied that they pose a real risk in terms of our shared information, these concerns have arisen due to the fast connectivity speed of such devices and low-security protection they offer.
In one such incident which put Apple in a very embarrassing situation was when their confidential function of Siri got hacked and content of the messages appeared on the locked screen of the device, this enabled Siri to read out the hidden messages out loud.
By nature, these voice assistant are always on duty, always listening. This means that the microphone through which we connect to them are always connected to the dock which is a real confidentiality issue, although the leader of such assistant providers measures the threat as low intensity when compared to other cyberthreats like ransomware. Encrypting the case sensitive data will surely prevent the theft risk in such cases.
Today developers are working hard to reduce the vulnerabilities and proceeding on case-to-case protocol and implement counter-measures to solve the problem. All they suggest is to first create awareness among users, also another fact is additional security solutions in already connected devices or smart dock is practically impossible due to their closed design. But as the responsibility of the developer, many measures are being created from fingerprints to voice match, and the latest addition to it is the biometric system that will authenticate the user before using the virtual assistant. The explosive use of IoT devices has allowed information being linked to the web very easily whether emails, our shopping history even access to our news preferences. The range of activities these voice assistant or Bluetooth enabled speaker can perform give a gateway of hackers to have a broad spectrum of information leakage.
Once these voice assistant become active, even accidentally they record all the voices around them and send the information data to the backend servers. Consider then, that they get activated with a simple phrase that sounds similar to the phrase that they need (a.la "Hey Siri", "Alexa" etc) - all your conversation will be passed on somewhere. So a precaution that can be taken at the user side is to switch off the assistant as soon as the use is over and delete the files through the respective application.
Can your device be controlled by someone else?
In a recent study, it was found that forty-one percent of voice assistant users are concerned about privacy and trust issues. And this is not without good reason.
Yes, the harsh truth is your voice assistant can be easily used by anyone if you have not properly used a security system on them, voice assistant works on the central data customization and digital transformation of information in the world of things of internet. But another issue to have noticed upon is they provide you information by connecting with the internet that makes them communicate with other internet enabled Bluetooth devices surrounding them.
Remember dolphin attacks? Where hackers have used ultrasonic waves which is not audible to humans but are picked up by computers and Bluetooth technology, this white noise lets the hacker secretly sneak into your information through Youtube videos and sending information to malicious website without knowledge of the user.
Some things you should be aware of
If your house is connected to these voice assistant controllers than it is advised to not connect your device with non-secure internet like a smart door lock, in such cases if someone notices you using these features then hackers can instruct your device to unlock your houses and let them in.
Similarly, your bank details are not safe if used through them, if you ask your voice assistant to fill up the bank details to do easy and hassle-free payments, you end up saving your passwords and details. But these methods for easy login are not considered as safe, as they can be connected to server when used online. One must take care that everything that is connected to the internet CAN BE leaked and even assistants are not exempted from them. Although manufacturers like Amazon and Apple have their own security system but it’s always good to have a precautionary step and only store personal information and not finance specific details.
Secure configuration
One point that makes voice assistants less secure is their easily modifiable configuration; also settings can be molded easily by an outsider who has observed you while using these assistants. Malware which is present in a laptop can easily affect smart speakers on the same network. This can easily configure them to the theft of personal secure information. Most of these issues can be resolved by taking proper action while configuring your device and deciding how much you want your device to know. As any other software-enabled devices which stream online for its features, say music streaming, has a chance of having vulnerabilities.
Few tips you can follow
- Always remain careful how you link your accounts to your device
- If you are using Google assistant, then you must turn off personal results.
- Erase all past history of the recordings from the application and reduce the sensitivity of the recording from time to time, they might reduce some of the quality of the device but make it more secure
- If not using the voice device, then mute it or turn it off.
- Do not purchase anything through these devices, but if you really want to have an online shopping session through them then do have a secure password every time you use them
- Always pay attention to security notifications, emails and contact the service center immediately in case of a breach
- Protect your device with the latest security system and password, use 2FA where ever possible
- Use a WPA2 encryption Wi-Fi network and do not use it on hotspots with other devices around
- Do not let other unsecured IoT devices use your Bluetooth connectivity
- Do not ask your voice assistant to remember sensitive information like passwords and your cards details
It can be said these voice assistant have some of the security concern but these can be easily avoided with the help of concerned security measure so that we can have maximum service availability these devices offer us from calling to streaming music online and clicking photos, they reduces our efforts and increase our efficiency for sure.