Using voice commands through Alexa, Siri, Google, or Bixby to control IoT (Internet of Things) devices provides consumers with the convenience of hands-free control as the next natural step in the evolution of technology. According to a study completed by Adobe Analytics, which surveyed over 1000 US consumers:
“Thirty-two percent of consumers reported owning a smart speaker in August 2018, compared with 28% in January 2018—a 14% increase in just a few months.”
The popularity of these smart assistants will continue to grow, and as the technology is refined, cyber threats associated with these devices will become more likely. Voice assistants are typically in “always on” or “always listening” mode, meaning that once a specific phrase is spoken, the assistant awaits the user’s commands. The assistant is always online, connected via the user’s WiFi connection, which means it can be at risk from a cyber attack.
Present-day users typically use them for music playback, checking the weather, or doing an online search. What about the advanced users who use assistants for locking doors at home? Online purchases? These are all real and potential risks if your voice assistant device is not secured or is used recklessly. Here are some potential risks smart assistants may face:
Voice squatting uses what are called “Skills”, which are third-party applications that give smart assistants additional functions. These functions may include opening your garage door or turning your TV on through the assistant. Malicious users may prey on users who do not know any better by creating a “skill” that sounds similar to an official one, giving them the ability to record audio without your permission or order items through the assistant without your knowledge.
As an example: a user would say “Alexa, download Capital One Skill”, but the malicious skill might actually be Capitole Wan, or something to that effect.
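A store reviewer or brand owner can screen for this by comparing how names sound rather than how they are spelled. The sketch below is an added example, not part of the original article and not how any assistant platform matches names; the function names, the threshold, and all catalog entries other than the two names above are assumptions, and the phonetic reduction is a deliberate simplification in the style of Soundex.

```python
import re
from difflib import SequenceMatcher

# Letters that are spoken alike are merged (a simplification, as in Soundex).
SOUND_ALIKE = str.maketrans({"c": "k", "q": "k", "z": "s"})

def phonetic_key(name: str) -> str:
    """Reduce a spoken name to a rough consonant skeleton."""
    text = re.sub(r"[^a-z]", "", name.lower())  # word breaks are not reliably heard
    text = text.replace("ph", "f").translate(SOUND_ALIKE)
    text = re.sub(r"[aeiouyhw]", "", text)      # vowels and glides carry little contrast
    return re.sub(r"(.)\1+", r"\1", text)       # collapse doubled letters

def find_sound_alikes(official, catalog, threshold=0.8):
    """Return (name, score) for catalog entries that sound like `official`
    but are spelled differently."""
    target = phonetic_key(official)
    hits = []
    for name in catalog:
        if name.strip().lower() == official.strip().lower():
            continue  # the genuine skill itself
        score = SequenceMatcher(None, target, phonetic_key(name)).ratio()
        if score >= threshold:
            hits.append((name, round(score, 2)))
    return hits

# Constructed sample catalog; only the first two names come from the article.
CATALOG = ["Capital One", "Capitole Wan", "Capital Won",
           "Weather Report", "Garage Door Opener"]

if __name__ == "__main__":
    for name, score in find_sound_alikes("Capital One", CATALOG):
        print(f"review before publishing: {name!r} (similarity {score})")
```

Both look-alike names reduce to the same key as the official one, so they are flagged even though a plain string comparison would treat them as unrelated.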
Because voice assistant devices are always connected to the internet, there is a chance that through an unsecured connection, a hacker can gain access to the device’s operating system and control it remotely. Malware installed this way can steal user information and possibly use the assistant’s microphone with you none the wiser.
A Dolphin Attack is a cyberattack that controls a smart device, in this case an Alexa or Google Home, using frequencies inaudible to human hearing. The commands are transmitted at extremely high frequencies which dolphins can hear, hence the name, and are carried out by the device, which can give away your personal information or operate other IoT devices used by the assistant.
Because of these types of threats, Google and Amazon have been cracking down on and regulating the skills in the download store and have made great strides to ensure the security of these smart assistants. A more common feature now being implemented is requiring the user to confirm commands such as unlocking doors or making online purchases through their phone before the task is completed.
Though these threats sound off-putting and may deter you from purchasing one of these voice assistants, this is just the nature of technology. As mass adoption of a new technology occurs, there will always be a need to ensure the security of our personal and confidential information. It is important to keep your devices secure with an encrypted WiFi network and to be diligent in monitoring your emails and any malicious use of your accounts. At the end of the day, these devices provide benefits that outweigh the risks, making our lives easier and that much more convenient. But it is just as important to know the factors involved and to be prepared and educated on how to mitigate these risks.