Digital Assistants - Time To Take Your Privacy & Security Seriously

14 November 2018

Since the release of Amazon’s Alexa in November 2014, the popularity of digital assistants has skyrocketed, with technology firm Ovum predicting that the number of active devices in homes will exceed the world’s population by 2021.

But given the volume of personal and often sensitive data stored by these devices, and with Christmas just around the corner, to what extent can we trust them and how safe are they?

Allowing users to play music, access the weather forecast, adjust the heating or make a phone call without lifting a finger, devices such as Amazon Alexa, Google Home, and Microsoft Cortana enable individuals to control all aspects of their homes, with a simple voice command. Furthermore, supported by third party apps, digital assistants can even call you an Uber, purchase you a train ticket, or help you exercise.

While security experts agree digital assistants themselves are very secure, the home appliances and smart home gadgets connected to them could be vulnerable. Exploiting the tendency for people to stick to default passwords and have all their devices connected to one Wi-Fi-network, cyber-criminals can gain access to home security systems, baby monitors, and even access your banking information.

Earlier this year the New York Times published an article in which security experts demonstrated how hidden commands recorded at frequencies undetectable to human ears, could be used to activate digital assistants.

Playing secret instructions through YouTube videos and loudspeakers, researchers were able to instruct smart devices to navigate to particular websites, make phone calls and even install malware. While this study was based solely on evidence obtained within a laboratory, it is possible that malicious actors, such as cyber-criminals, could make use of these opportunities in the future.

Though audio attacks may be a while off, voice recognition technology can be easily tricked or confused. A quick browse of the popular online forum Reddit provides many examples of devices completing unsolicited tasks.

For example, in March this year, several reports surfaced about Alexa suddenly emitting an evil laugh – quite frightening to any unsuspecting person home alone. Amazon reportedly attributed the glitch to the device mistakenly responding to the command "Alexa, laugh" and disabled the feature.

Instances of devices turning on without being given their ‘wake word’, such as “Ok Google” in the case of Google Home (which alerts the device that it is about to be used), are equally notable. Personal conversations are not supposed to be recorded, yet once the command is heard, the device will begin recording and send the information to its server or store it in the Cloud; leading to unsubstantiated claims of individuals receiving suspiciously targeted advertising after having seemingly private conversations around their devices.

So when it comes to your security and privacy, what can owners of digital assistants do?

  1. Ensure you have a strong password for your wireless network and if possible have separate networks for your smart-home devices and your personal computer or laptop;
  2. Be aware of what it is you are asking your assistant and delete any archived recordings that contain personal or sensitive data;
  3. If your device enables you to, change the ‘wake word’ to something personal that is unlikely to be mistakenly uttered.

That said, there is no need to fear an artificial intelligence or a big brother take over, just yet. By ensuring you have the correct safeguards in place, you can continue to enjoy the benefits of these incredibly useful devices, without overly worrying that the security and privacy of you and your family are at risk.

Receive our monthly newsletter

About the Author

Georgia Lacey

Consultant, Intelligence

Employing the techniques of an investigative journalist, Georgia utilises sophisticated open source research methods and digital forensics to assist clients with online privacy issues.

+1 646 934 6219
Our 24 hour number
+1 646 934 6219
Legal information

© 2020 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.

Schillings International LLP is a limited liability partnership registered in England and Wales with registration number OC398731. A list of members of Schillings International LLP is available for inspection at our registered office 12 Arthur Street, London, EC4R 9AB. Schillings International LLP is an Alternative Business Structure regulated and authorised by the Solicitors Regulation Authority.

Schillings International (USA) LLP is a registered limited liability partnership organised and existing under the laws of the State of Delaware, United States of America, whose principal place of business is at One World Trade Center, Suite 8500, New York, NY 10007. Our New York based attorneys are registered as a foreign legal consultant in the State of New York.