Over the past couple of years, more and more people are using smart speakers to help them manage their day-to-day lives. Some people use them as their personal assistants, some just use them to help them remember things they would tend to forget otherwise, others just use them as extremely complex thermometers. Regardless what the use is, one question will always be near the surface about these devices: Are they secure? Let’s take a look at the many issues surrounding smart speaker security.
Are They Listening?
Whatever you use your smart speaker for, you have had to have the notion that at some point they are spying on you. Whether it be the curious placement of ads of things you’ve just been discussing around your smart speaker, or the random answers they will give you to questions you didn’t ask out of the blue, you might be curious whether these devices listen when they aren’t supposed to. Well, the answer is yes, but it isn’t as bad as you may think.
Sure, the smart speaker is always listening, but it isn’t always recording. Humans record information when people talk to them, but the smart speaker is really only listening for the wake words and this is a very important distinction to make. In fact, these devices wouldn’t get very far if they recorded everything that is said when they aren’t supposed to. It has class-action lawsuits all over it. Think of a smart speaker as someone who’s there, but isn’t paying attention to you. You have to get their attention by saying their name, just like the smart speaker.
Since these devices are always listening, you can accidentally trigger the smart speaker, at which time it will start recording. This is why your smart speaker will seemingly randomly answer a phantom question. You will want to review the privacy settings which can typically be found on the corresponding app you use to control the device. Since many smart speakers don’t have a physical interface to them, many users neglect to change the default settings leaving the manufacturer to decide what information is captured. They will always choose more information, so if you are concerned about what they are getting from you, you’ll want to alter the settings.
How to Limit Your Risks
There are some things you can do to protect your privacy while using IoT devices like smart speakers. Let’s look at a few:
- Watch what you say – The first tip is to just be conscious of what you say in a room with a smart speaker in it. Any similar phrase to their keywords can awaken the device and record your words. Everything that is said to Google is processed locally and sent to the cloud, so if your device is triggered to record, you may end up giving over data if you aren’t cognizant.
- Regularly delete command history – These devices use past commands to understand your voice more effectively, but it can also be a security risk to just keep all the data in the app. Usually, commands can be deleted individually or in full.
- Opt-out of data sharing – you can opt-out of helping an organization “improve” voice services with very little trade-off.
- Consider keeping all IoT devices on their own partitioned network – Most routers can be set up to create multiple networks. By keeping IoT devices away from other technology, you mitigate the risk presented by devices that, by and large, don’t have strong security in place.
- Update software – The best way to keep any piece of technology secure is by keeping the device updated with the latest patches and updates.
Smart speakers can be really useful, but they can also be the weak link in the network security chain. If your business needs help securing its network from IoT devices, give us a call today at (616) 534-1500.
RedRock offers a full range of compliance-focused IT services including help desk, server and network management, perimeter and endpoint security, and associated hardware and software. What makes us unique is how we bake security into everything we do. We are regulated by the FDIC, NCUA, and DIFS. We undergo regular exams and audits by 3rd party assessors. This oversight offers our customers the peace of mind that multiple entities look at our products, policies, procedures, financials, etc.