A smart speaker in the house is a huge risk. Especially if you buy a small model

Every year, the prevalence of smart speakers is growing, it can be seen with the naked eye. However, more recently, in 2021, their popularity has increased many times – and not only around the world as a whole, but also in Russia in particular (they sold 2.6 times more smart speakers than in 2020). Experts believe that one of the key reasons for this was the pandemic – spending more time at home, people not only became interested in smart home gadgets, but also began to experience a lack of communication.

Nevertheless, in purchasing a smart speaker for home, there are not only positive aspects that buyers think about. There is also a serious drawback in the form of a risk to confidentiality, and this raises serious concerns among specialists.

There are risks in the very purpose of smart speakers

From the user’s point of view, smart speakers make everyday life easier, allowing you to play a song by voice, check the weather forecast, set a house cleaning reminder, and more. But the principle of their work is forgotten, but in vain – it would obviously cause notes of anxiety in many users. Smart speakers constantly “listen” to the surrounding sounds in order to activate in time for a welcome phrase (“Ok Google” and the like).

By default, in most cases, speakers can save a record of communication with a person to further improve the quality of the assistant – in this case, the dialogue is sent to the developers’ servers, where real people can listen to it.

Although this fact itself can cause some rejection, in most cases there is nothing excessively confidential in requests for voice assistants.

All this makes it even more likely that the system will misrecognize the welcome phrase and automatically send developers a speech that is not at all intended for a voice assistant. For example, algorithms can easily confuse the phrases “Eat lemon balm” and “Listen, Alice” (a greeting for a virtual assistant from Yandex).

Smart speakers are protected, but there are always risks

Since smart speakers not only constantly “hear” everything you say, but also control other smart home gadgets (smart light bulbs, smart kettle, smart humidifier, etc.), they are one of the most dangerous smart home gadgets. Naturally, such devices attract hackers — attackers can either steal personal data from users or embed hacked gadgets into a malicious botnet for further DDoS attacks.

It is worth noting that large corporations are behind the development of the vast majority of smart speakers, which are not least concerned about the security of user data. Nevertheless, there are always risks of hacking a system, especially such a treat for hackers. For these purposes, the most fanciful methods can be used: for example, in 2019, Japanese researcher Takeshi Sugawara demonstrated how smart speakers can be controlled using a laser (a laser pointer beam aimed at a certain area on the speaker can potentially activate the recording of a conversation). Even earlier, in 2017, the DolphinAttack vulnerability was revealed – its idea is to control a smart speaker through ultrasound without the user’s knowledge (a person will not hear him, but the gadget’s microphones are completely).

By gaining access to a smart speaker, in most cases, attackers will be able to interact with other gadgets in the house. This is especially dangerous if various video surveillance systems are paired with smart speakers, including home IP cameras and baby monitors, in which case the privacy risks are maximum.

Small smart speakers are not safer than big ones

Depending on the user’s request, smart speakers either process the information themselves or send it to a remote server – the latter is considered less secure. It is impossible to say how a particular smart speaker works – it depends on the manufacturer and its orientation. But a pattern can be distinguished: the more compact the device, the fewer tasks it can solve on its own due to a banal lack of performance.

Are smart speakers contraindicated for paranoid people? No, especially in 2022

Having read up to this point, you might have the impression that smart speakers are a real evil with flaws that overlap any positive aspects. But this is not at all the case, especially now, when smart gadgets surround us everywhere. In the modern world, we constantly use devices that pose a threat to our privacy – take a smartphone that monitors us not only at home, but also outside (unlike a smart speaker).

The problem is that people do not treat “home” gadgets as something that is dangerous. Legal scholar Silvia de Conca from the Free University of Amsterdam explains this by saying that people subconsciously associate the house with safety, and therefore, in our brain, all the objects in it do not pose any threat to us. This is exacerbated by the fact that modern gadgets do not look alien – smart speakers look like familiar portable speakers, and smart TVs are no different from their “stupid” predecessors. Because of all this, we do not treat potentially dangerous devices as something that can become a dangerous tool in the hands of attackers.

In fact, it is enough to follow certain precautions to reduce all kinds of risks to a minimum and use smart speakers as boldly as a smart TV, smart watch or smartphone:

• do not connect security systems (cameras, locks, home alarms) to voice assistants – this way you add a potential hole in their security system;
• turn off the microphone when you don’t want anyone to hear you – many smart speakers have a hardware shutdown button, or you can turn them off completely;
• use a separate Wi-Fi network for smart devices in the house so that they are isolated from personal gadgets (smartphone and computer) – in case of hacking, attackers will not get access to your main devices;
• change the default passwords on smart devices as hackers easily get hold of them;
• do not neglect firmware updates for smart home gadgets, security gaps are often eliminated with updates;
• be sure to set up WPA2 encryption on the router – if someone intercepts the information transmitted by your devices, he will not be able to read it.