These days, smart homes are all the rage–and for good reason. While there was a time that the idea of a virtual assistant at your beck and call felt like a dream, companies like Amazon have made it a reality.
In many ways, the smart home experience opens a world of endless convenience. Whether it's easy to access to your security cameras, your shopping list, or favorite music, devices like the Amazon Echo are the key to a seamless smart home experience. However, they are not without their fair share of security risks that you should know about.
Methods Hackers Can Use to Hack Your Amazon Echo Devices
1. Smart Bugging
In 2017, a British hacker was able to install malware into an Amazon Echo device which turns it into a remote listening device. On his cybersecurity blog, Mark Barnes discussed a technique that lets hackers stream audio from an Echo device using a soldered SD card.
Thankfully, this technique is not easy and cannot be done remotely, so most low-profile individuals will not be at risk for this kind of threat. In addition, Amazon has made it near impossible for hackers to do this on Echo Devices produced from 2017 onwards.
2. Fake Alexa Skills
In 2018, researchers found that using accents and mispronunciations can inadvertently lead to accessing fake Alexa skills that masquerade as popular and commonly used services.
Researchers from Indiana University, the Chinese Academy of Science, and the University of Virginia were able to successfully enable Alexa skills that sounded like popular incumbents, leading to unwitting installations.
For example, instead of saying "Alexa, install Capital One", hackers can create an app called "Capital Won." With this, Alexa will install a fake app on your device that has the potential to gather personal information.
However, it should be noted that Amazon does have policies in place to prohibit skills from infinging on intellectual property rights. A spokesperson told us by email:
Privacy and security are foundational to how we design and deliver every device, feature, and experience. We conduct security reviews as part of skill certification and have systems in place to continually monitor live skills for potentially malicious behavior. Any offending skills we identify are blocked during certification or quickly deactivated. We are constantly improving these mechanisms to further protect our customers.
3. Laser Audio Injection
According to researchers from the University of Electro-Communications in Tokyo and the University of Michigan, it is possible to issue commands to smart home devices using lasers up to 110 meters away.
Termed as Light Commands, lasers allow attackers to remotely inject inaudible and invisible commands into voice assistants. By using the right light frequencies, researchers pointed a laser at a microphone and successfully mimicked the human voice.
In the study, several commands such as those that disable smart locks and find, unlock, and start cars were successfully made using lasers. However, there are no reports of anyone using this technique in the real world, and users have a range of options (including the use of PINs and muting the microphone) that will prevent this attack method.
4. Voice Faking
Many of us upload videos with our voice without much thought. However, it's becoming increasingly easy for hackers to prowl the internet to stitch together your voice and compose a command for your devices that use voice recognition. For its part, Amazon monitors live skills and is committed to improving these mechanisms in the future.
How to Keep Your Amazon Echo Devices from Being Hacked
While it can be challenging to keep your Amazon Echo devices free from hackers, here are some quick tips that you can follow.
1. Buy Only from Amazon
These days, there are plenty of third-party sellers who can promise you the same smart home device for cheaper. However, unless you are buying from Amazon itself, there's no guarantee that your smart home device wasn't tampered with before it reaches your door.
When it comes to smart home devices, it's better to not skimp on things that can lead to security risks. By buying directly from Amazon, you can be confident that it is made up to the standard of other Echo devices and shipped without any unwanted changes.
2. Check Your Alexa Skills
With the barrier to entry being so low, fake Alexa skills are quickly becoming the easiest way that hackers can access your Echo device. To avoid this, make sure to regularly check if you installed the correct and official applications on your device.
3. Avoid Placing Smart Devices Near the Door
While some smart devices need to be near the doors, not everything should. When you place your smart home devices near the doors or outdoors, it is possible for outsiders to voice commands and activate devices without your consent.
If possible, avoid leaving smart devices in areas where they can easily be accessed by outsiders. When used in tandem with a smart lock, this may even be a quick way for people to break into your home, especially if they overhear your PIN code.
Never Post Videos of Yourself Speaking Commands Online
Whether it's to show an interesting feature or make Alexa say something funny, showing off your Echo device undoubtedly looks cool. With the excitement of owning a smart home device for the first time, many people are posting videos of them on social media while giving commands.
Posting what devices you own, how you use them, and your voice commands can potentially open you up to various types of risks. Hackers can easily identify what smart home devices exist within your home and the ways that they can make use of them.
4. Don't Connect Everything to Your Smart Home Network
In general, smart home devices work best in an ecosystem. For this reason, many smart home manufacturers like Amazon continually find ways to find smart home devices for almost every need.
However, it's important to understand that just because these devices are available, it doesn't necessarily mean that you should have them inside your home. While companies will always be looking for new ways to get you to open your wallet, there are always opportunities to choose safety over convenience.
Keep Your Amazon Echo Devices Safe from Hackers
While this doesn't currently seem like a substantial issue, the continuous integration of smart devices into our homes can set us up for dangerous situations in the future. In fact, it's always better to build a solid foundation of safe and secure smart home device practices before any real threat is realized.
Unfortunately, device manufacturers can only fill in so many gaps. At the end of the day, staying safe from people looking to take advantage of your smart home devices is an ongoing and somewhat personal act.
By being mindful of the different ways that your smart home can be compromised, you can avoid the pitfalls of smart home device ownership.