Friday, May 5, 2017

Threats to Echo, Siri, Google Home

{Excerpted and modified from an article I found on the internet- can't find the link.  I might add to the discussion below that, if someone gets your Amazon password, then they have access to Echo and all the info you have given to "her."  This info is available "on-line", so your goose is deep fried if you don't use, and change on a regular basis, a unique- not used anywhere else- long password that can't be discovered}

The Threat:  Access to recorded "listening and speaking" records; Botnets


With Echo/Alexa, Siri, Cortana and Google’s Home assistant in many homes these days, and knowing that some of the technology is listening and recording, who might be able to exploit that?

In real life,law enforcement has requested access a device to "hear" what has been picked up by the assistant. But in the future, it may be hackers looking to have a listen.

Personal assistants fit into the larger concept of the smart home, so it’s useful to look at threats that have already targeted Internet of Things (IoT) devices.

Security experts have long predicted threats targeting everyday home devices connected to the internet, and the threat was made plain last fall when Mirai malware was used to hijack internet-facing webcams and other devices into massive botnets that were then used to launch a coordinated assault against Dyn, one of several companies hosting the the Domain Name System (DNS). That attack crippled such major sites as Twitter, Paypal, Netflix and Reddit.

To be clear, that attack infected IoT devices and used them to target a company. It’s not the same as being snooped on, but in many cases the end goal is on the same wavelength: the bad guys want to see or hear what you have for personal data so they can use the information to benefit themselves or their cause.

A few short years ago, IoT attacks were discussed as some potential threat in a distant future. Now they are real. To some experts, it’s only a matter of time before hijacked personal assistants become a clear and present danger.

Defensive measures


Those who choose to use this technology can’t and shouldn’t expect 100% privacy. If not for the ability of Amazon Echo and Google Home to listen, these things would become nothing more than doorstoppers and paperweights.

But there are certainly things users can do to limit the risk of unintended consequences. Here are just a few examples:

Not currently using your Echo? Mute it The mute/unmute button is right on top of the device. The “always listening” microphone will shut off until you’re ready to turn it back on.

Don’t connect sensitive accounts to Echo. On more than a few occasions,  daisy chaining multiple accounts together has ended in tears for the user.

Erase old recordings. If you use an Echo, then surely you have an Amazon account. If you go on Amazon’s website and look under “Manage my device” there’s a handy dashboard where you can delete individual queries or clear the entire search history.

Tighten those Google settings. If you use Google Home, you’re already aware of the search giant’s appetite for data collection. But Google does offer tools to tighten things up. Like the Echo, Home has a mute button and a settings page online, where you can grant or take away various permissions.

No comments:

Post a Comment

Printfriendly

Print Friendly and PDF