Keeping Voice-Activated Smart Home Device From Talking to the Wrong People
by Jeff Finn, CEO of zvelo
The introduction of voice-activated smart home solutions – like Amazon Echo and Dot, Google Home, and Apple’s HomePod – have brought with them the dream of convenient Star Trek-like interfaces where a user’s spoken wish is their command. But at the same time, these devices have served as a Trojan Horse, increasingly inviting in security issues and unintended consequences. The greatest security vulnerabilities created by these products are due to the fact that, while they prominently feature advanced voice recognition, they cannot really tell who’s talking. The dangers this presents are compounded when the devices feature the ability to make purchases (with few safeguards under default settings), as well as control smart home features (lights, thermostats, locks, etc.) that users do not want malicious actors to be able to manipulate.
*****The following article, by Jeff Finn, appears as an online article on IoT Central‘s website and was originally published on September 6, 2017.
These factors have contributed to a number of actual events, which land somewhere between fascinating and frightening as to the level of harm they represent – but all should certainly provoke concern. In one story, a local news report told the tale of a child who managed to order a dollhouse and cookies from the family’s Amazon Echo, and actually repeated and amplified the issue. Viewers of the segment then complained that their own Amazon devices responded to the voice on the television by attempting to order dollhouses. In another example, an ad campaign for Burger King took advantage of Google Home devices in an innocuous but troublesome manner, purposefully triggering the devices to begin reading the Wikipedia entry for the Whopper aloud in people’s homes. Google soon took action to stop Home devices from responding to the ad, but the security issue was clearly demonstrated.
The companies behind these devices are tasked with performing something of a balancing act: customers want full featured devices with the convenience of easy purchasing and control over their homes by voice, but those features can be at odds with the cumbersome security measures that would ensure greater safety. These providers will certainly iterate and work to address these issues, but, in the meantime, there are a number of steps that users ought to take to improve security on these voice-activated devices now.
Read more about 6 tips to keep a smart home device from talking to the wrong people.
zvelo, a thought leader in information security and the IoT Security spaces, recently won the IoT Evolution’s Award for its zvelo IoT Security solution.