Smart speakers provide incredible convenience, but some features may leave you open to cyberthreats and unwanted data sharing. Being aware of the known concerns with smart speaker privacy and security can help you stay safe.
Once you understand the risks, you’ll be able to take precautions against weaknesses in your devices, network, and behavioral usage.
The privacy of smart speakers is a worry for many users, especially when it concerns how their conversations are handled. Generally, a speaker from the big three manufacturers — Amazon, Google, and Apple — is safe to use. But an “always-on” microphone does come with some risks and ethical concerns.
Smart speaker microphones are always listening by design. This is how they are able to hear your requests at any given moment and passive listening is always on (unless the mic is muted).
Recording only happens if the wake phrase is used (like “OK Google” or “Alexa.”) The device records to capture and process your command. However, accidental recordings are possible. For example, other words can be misheard as activation phrases, like using “OK booboo” instead of “OK Google.”
Recordings are the only audio stored, and they are always stored locally on the device. However, they are also shipped off to the corresponding cloud servers for processing.
Depending on your privacy settings, you may find that your recordings are being used in several ways.
Many users never actually change default settings — leaving the manufacturer to decide. This stored audio is usually used for voice service improvement, and only a minor percentage of these recordings are reviewed by humans to develop their voice recognition further AI. Other uses for voice data may include building advertising profiles on users.
Policies around recordings and their usage have been shifting due to the increase in smart speaker popularity. However, privacy is still a concern, even for the three main smart speaker manufacturers (Amazon, Google, and Apple).
The security of homes and businesses are at risk if users are not careful about their smart speaker setup. So, while security might not be your immediate first thought (when it comes to your Amazon Alexa or Google Home). It should be because while it is not common right now, hacking, and unapproved eavesdropping are very real threats when it comes to smart speakers.
The Internet of Things (IoT) can create multiple points of vulnerability in your home (IoT devices refer to any “smart” devices that connect and interact via the internet).
Smart speakers can be used to control many “smart” parts of your home just by speaking. As users install smart home security and other devices, this introduces an easy target for hackers.
Criminals have begun to use IoT search engines to find the default username and password of any device on your home network. This includes home security devices, smart speakers, wireless routers, and even your refrigerator — all of which can be points of weakness.
Once compromised, your devices can be manipulated or infected to benefit the hacker. Because once they have access to one device, they may be able to gain access to others. Such as, your security cameras, secure data sent via the internet, or your front door (if it’s part of the same IoT network).
While less likely, cybercriminals can use other methods to hack into your IoT home. For example, an intricately designed laser pointer can be aimed at your speaker to simulate a wake phrase and activate recording. This presents a method that (while complex) can be done from across the street through a window. Similarly, an ultrasound speaker can be used to achieve the same result. Either of these methods could be used to trick a speaker into allowing a criminal to access your home.
Unauthorized access may also occur if a house guest or even your child tries to use the speaker. Without proper security measures, an unauthorized person may also be able to make purchases through your smart speaker — using your money.
Risks to your privacy safety can be deterred if you secure your home network using a comprehensive cybersecurity solution like Kaspersky Total Security. While it doesn’t currently protect smart speakers, it protects your other devices, like PCs, tablets, and smartphones. In addition to this, you should also be conscious of anything that is said around the speaker.
Become familiar with your smart speaker privacy and security settings. Dive into your device's app to explore your options. Google, Amazon, and Apple have been rolling out their own settings to lower safety risks for users.
Mute the microphone when you don’t want to be heard. Some devices have a physical switch, while others can be deactivated by voice command. This can prevent misfired wake phrases.
Delete your command history to erase local and cloud storage of past recordings. This information is used to understand your voice better, however not regularly deleting this could risk your security. Commands can be deleted on most services either individually, in a time range, or in full.
Activate and train your speaker for voice recognition. Your smart speaker can recognize your unique voice like a fingerprint, which can lock any unwanted users from waking and using it.
Deactivate personalized features that pull sensitive info for your convenience. Ease of access to your calendar, contacts, and more can mean it’s easier for anyone to access this data. Safe practices would have you turn off any settings that dive into your personal information.
Enable two-factor authentication (2FA) to create a safeguard step in case someone tries to use your device without permission.
Opt-out of data sharing for “improving” voice services or “personalizing” your experience. Many times, these options are on by default. You’ll have to turn these off yourself to halt the activity.
Consider having different networks for your IoT devices and make sure these are separate from the home Wi-Fi you use for your personal devices (i.e., non IoT devices).
Be wary of connecting security devices to voice assistants. With any point of connection, you are introducing another potential weakness into your home. Smart door locks, security cameras, and home alarm systems are more likely to be hacked if connected to the internet
Change default passwords. Many IoT products are accessible using factory-set credentials. Cybercriminals can easily grab this information and breach your devices unless you switch to a custom password. Best practice suggests using complex passwords or passphrases and do not use anything obvious like your name, date of birth, etc. as this will be a security risk.
Update all devices to their newest versions. The current software will have security fixes for all known risks. This includes any firmware, operating systems, drivers, and apps on your devices.
Disconnect any unused devices from your smart speaker. Just as with the security devices, a complex IoT in your home means more chances to become a hacking victim. In addition, devices not in-use are more likely to have outdated software, increasing potential threats.
Have cybersecurity in your home. The easiest way to protect yourself is to have cybersecurity for your home network(s). We recommend Total Security for the most comprehensive protection or Kaspersky Security Cloud to cover multiple devices.
WPA2 encryption should be active on your wireless network connection. This is the modern industry-standard for web security. But the important bit is that your data will be scrambled as it is sent and received. If someone intercepts this, they will not be able to unlock and read it.
Update your wireless network password. This is the Wi-Fi code you enter to connect your device to the internet. If you’ve made it something simple for convenience, upgrade it immediately. Convenience can be dangerous if it leaves you open to a malicious attack.
Change the default router password. As the heart of your internet data stream, having a strong router password is invaluable. This is different from your Wi-Fi password. Don’t reuse passwords and always make each passcode a unique blend of uppercase, lowercase, numbers, and symbols.
Consider a dedicated ‘guest’ network to avoid unprotected device access. Your wireless network connects all your devices, including your smart speaker. One compromised device can lead to an attack on your speaker and the rest of your home. Routing guest traffic on a dedicated network will isolate any threats away from your devices.