Amazon’s Alexa platform had bugs that a hacker could have exploited to grab a target’s entire voice history, according to Wired. This left the entirety of users’ recorded audio interactions with Alexa vulnerable, as well as additional personal information. Since, Amazon has patched the flaws, which could have yielded profile information, including home address and the “skills,” or apps, the user had added for Alexa. An attacker could have even deleted an existing skill and installed a malicious one to grab more data after the initial attack.
Smart speakers are like putting listening devices in your home. As we talk much more than we type, it can be easy to forget about the associated risks. Smart speakers have the capacity to pick up a lot of personal information, so they remain key targets for bad actors.
Owners are advised to use a smart speaker with caution and never disclose sensitive information out loud when one of these devices is in ear shot. The manufacturers have a duty to keep them secure and hence release patches as soon as any flaws are discovered. However, attackers are constantly looking for vulnerabilities to exploit and therefore, users are vulnerable to attack between a flaw being located and when they are patched. Although it may seem counter intuitive to the essence of a smart speaker, it is advised to lock down your voice assistant interactions and only turn it on when it is required, reducing the chance of any private information leakage.