In the run up to Christmas we have plenty of deals on all sorts of home devices which can be controlled by our voice, from a simple “What’s the weather” to “please can you add eggs to my shopping”.
As a consumer we believe products we purchase from well established companies are secure and with google and amazon the forerunners in voice-controlled devices, are we really safe?
Researchers in Germany this week tested the two leading products which are appearing all over the country, the google home and amazons echo. The researchers were white hat hackers and wanted to see what the amazon and google skills were capable of.
It turns out they can do a lot more than what we think. They created new skills and sent these to pass the tests to reach the google and amazon store, this all worked perfectly and they were able to install the applications on both devices. The secret was after a catch phrase was said and each device gave the answer, it then carried on listening to the users. Eavesdropping on conversations and possibly getting secure information such as passwords and marketing material.
This would be the equivalent of having a phone call with someone and leaving it off the hook, allowing the other end to listen in on all your family and private matters without you knowing.
So are our home assistants safe?
In short, yes. This isn’t built into either device. Instead malicious “Skills” (Alexa) and “Actions” (Google devices) developed by third party developers and hosted on the google and amazon stores, after passing security-vetting, can be downloaded by users. So, something seemingly innocent could be a trojan horse in your living room. As always with software, exercise vigilance and you will be fine.
Google and Amazon were contacted and have since informed the team they are becoming stricter with the third-party applications and in future will run through vigorous tests which don’t allow the apps to stay running without uses consent. But this is still a possible glimpse of what the future will hold for phishing and scamming users for information such as passwords. Our suggestion would be to only install the applications certified by Amazon or Google and when you are not using the devices you should switch them off at the wall.
This ensures that no one is listening, an article came to light a few years ago regarding a child’s toy which was hacked and a smart TV which both allowed an intruder to listen in on what we believe would be private times with our friends and family. This does make you wonder; are we being outsmarted by our smart homes?
If you require any help or advice for your smart apps and home devices, please contact us, we have a friendly, approachable Support team and can offer a range of remote and onsite support to keep your company running at its full potential so you don’t have to worry, book a free consultation with LBT today here or call 01763 275 400.