Smart speakers have become an essential part of the modern household, but experts warn that their convenience may come at the cost of people’s privacy and data security.
The high-tech speakers use built-in AI voice assistants like “Alexa,” or “Siri” to answer questions and requests relating to almost any topic or query using data taken from the internet.
Over 30 million smart speakers entered people’s homes in the first quarter of 2022.
Amazon’s Echo is by far the market leader, shipping nearly 10 million devices in the first quarter compared to Google and Apple’s 6 million and 4 million shipments respectively.
As well as answering questions, the speakers can respond to almost any request from their user – from setting an alarm to telling a story – often with personalised responses.
To do this, they must collect data from not only the internet, but also their own user’s conversations – whether it be for trigger words, location data, or shopping habits.
This mass data collection come at a cost, and experts have pointed out the severe privacy and security concerns holding personal data on such a scale raises.
To cut fact from fiction, cybersecurity experts from VPNOverview launched an investigation into the risks associated with this continuous and mass data collection.
They found that smart devices may be listening to more than we would like to think, and people may not be aware of the consequences of having the device in their homes.
Always on and always listening
By design, smart speakers must be ‘always on’ so they can be triggered by command words. Though there is an option on many speakers to wake the device manually or mute the device, this removes their purpose and convenience.
Reminiscent of the “I have nothing to hide” argument re data collection by products like Alexa. Basic privacy is a right, should be expected. Other ppl aren’t your content unless they consent. (This also ties into the *MANY* reasons why diverse representation is needed in tech.) https://t.co/fDvRxxj4UI
— Tech & Consent (@techandconsent) January 25, 2023
According to researchers from VPNOverview, one of the main problems with this is that smart speakers can misinterpret certain words or phrases as their wake word, taking action from what was said without the user realising it.
This can lead to things randomly turning off, messages and calls being initiated, or even items being purchased without the user’s consent.
Once activated smart speakers record and save what is being said after hearing the wake word.
This is to help creature routines for users and help developers improve the functionality of the device, but can lead to the device accidentally eavesdropping on conversations unrelated to its activation.
Third-party spyware
VPNOverview noted that many users are unaware of the fact that their data is not only collected and processed by first-party developers of smart speaker manufacturers, but also third-party
In fact, certain commands and skills installed on smart speakers are actually created by third-party developers, granting them access to the data collected by the device.
To read more about data privacy, visit our dedicated Data Management Page.
Since some of these third-party skills are not thoroughly moderated compared to first-party skills, they can put a user’s data at risk, researchers revealed.
This can become a gateway for hackers, leading to personal information being stolen as well as potential eavesdropping by software developers.
Protecting against the risks
Although the privacy implications of owning a smart speaker are clear, experts say there are ways users can protect themselves from the risks that do not involve disabling the device.
To ensure their conversation remains private, users can change the wake word of their device to minimise the chance of the speaker misinterpreting conversations for commands.
They can also ensure they only use skills provided by first-party developers, and use a VPN to provide an extra layer of security to their device.
Two-factor authentication is also available on smart speakers but most users leave it unactivated. Having multi-layered authentication will prevent the devices from purchasing items without a user’s consent, while also providing extra security.
Researchers from VPNOverview said “the convenience of smart devices comes with the cost of our privacy,” but “there are no other options to a smart speaker that provides this level of convenience, entertainment, and education”.
“As long as users are careful with the speaker's placement, how they use it and by ensuring their account is set up correctly, they can prevent possible hacks and sharing of unwanted data,” they concluded.