The smart speaker. A wireless speaker with voice control built into them able to receive voice commands and turn the demands into action. The speakers equipped with artificial intelligence from Amazon, Apple, Google or Microsoft, in other words a voice-controlled personal assistant. Sounds like the ultimate device to install in your home to make your life much easier doesn’t it? Not everyone sees it this way. The graph below presents that 40% of the participants in this research does not trust the device to be secure. This blog will examine the privacy and security of the smart speaker.
As the smart speaker is able to react to your voice you would probably wonder if your conversations you have in a private space are not recorded. The smart speaker device is always listening, but only starts recording when you say their ‘name’. Interestingly, the smart speaker advertisements cover most technical aspects of the device including the capabilities and features, however little is mentioned on the security and privacy protocols of the device.
Encryption offers the possibility for your recordings to be secure. Apple HomePod, Amazon Echo and Google Home all claim to encrypt the voice recordings that are sent to their servers. The encryption goes to the same extend as the level of encryption of Siri and HomeKit. All three devices encrypt the data in transit where after the data is ‘securely stored’ on the servers. Meaning that in transit from the device to the server the data is unlikely to be stolen or spied on. Nevertheless, the companies do have your personal data stored on their server. What would happen if the government demands the data to investigate a crime? How secure and private is your data really?
Currently, law enforcement is allowed to obtain a search warrant demanding a third party to turn over the recorded data by the smart speaker if the company can control or has access to the data. The latter is of significance importance as not every smart speaker manufacturer stores the data the same way. Both Google and Amazon store the data tied to your personal account. If a government agency requests data from Google or Amazon from a smart speaker, they can detect the account and the data tied to the account. Whereas Apple’s speaker is anonymized, there is no account attached to the voice recordings, therefore the Apple is simply not able to provide the personal data as this is randomly stored amongst millions of random numbers. The policy of Amazon entails that they will not release any data unless there is “valid and binding legal demand”, nevertheless the law is the law…
Two days ago the news came out that the Google Home Mini smart speaker device recorded nearly every sound it detected and send it to Google’s servers. This was the result of a hardware flaw. Mistakes happen. The modern and future devices can and will make day-to-day lives much easier, but be careful and know what you bring into your home…
https://www.cnet.com/news/homepod-echo-google-home-how-secure-are-your-speakers/
http://www.zdnet.com/article/google-home-mini-flaw-left-smart-speaker-recording-everything/
Know the risks of Amazon Alexa and Google Home
http://www.rollingstone.com/culture/features/how-smart-devices-could-violate-your-privacy-w492823
http://www.zdnet.com/article/google-home-mini-flaw-left-smart-speaker-recording-everything/
http://static3.businessinsider.com/image/5979ec1db50ab17c178b45d1-700/drawbacks%20of%20smart%20home%20speakers.png
