Can smart speakers be hacked? 10 tips to help stay secure
Smart speakers may test your own smarts because they raise a tough question: Can smart speakers be hacked?
The answer is important, since your personal information and privacy may be at stake.
The short answer is yes — under certain conditions — smart speakers can be hacked, but there are a lot of steps you can take to help protect yourself and your information.
How would a hack work? It varies.
For instance, researchers believe a cybercriminal might be able to send a sound or signal — one your smart speaker might interpret as a command — to control your device. The good news: Researchers are working on a fix.
“The range of activities that can be carried out by these speakers means that a hacker, or even just a mischief-minded friend or neighbor, could cause havoc if they gained access” to these devices, according to a Symantec white paper.
For a lot of consumers, there are two big concerns about smart speakers:
- One, they’re always listening.
- Two, they can act like hubs to connect to a variety of your devices, possibly creating points of vulnerability where hackers can strike.
It’s important to limit what kind of information you give to your smart speaker. What they don’t know can’t hurt you. It’s also important to properly configure your device.
Can smart speakers be hacked? How to limit the potential risks
It was reported in January 2018 that 39 million Americans own smart speakers. That’s according to a report from NPR and Edison Research. Also known as digital voice assistants, the devices combine a speaker with voice recognition. A wake-up word activates them to let you interact.
This makes digital voice assistants like Amazon Echo and Google Home great at taking orders. You can tell them to play music, read a recipe, or check the weather. Usually they follow your instructions.
Your digital voice assistant is a good listener — maybe too good. You might wonder if your smart speaker knows too much. It’s compiling information about you, taking your commands, and storing them on a server. You may not know who might gain access to the information or what they might do with it.
And strange things can happen. In one case, a voice assistant recorded a couple’s private conversation and then sent it to someone on their contacts list.
Add to this the connectedness of your digital life — many of your internet devices link to one another — and you might wonder if a hacker could slip through a security crack and leave with a haul of your personal data.
Here are some answers to help protect your security and privacy.
10 tips to help you stay secure
Smart speakers come with a variety of settings and features. It’s a good idea to take the time to get your settings right if you’re worried about protecting your personal data. Here are some tips to help limit your risks.
1. Watch what you connect
Since your voice assistant can be a hub for your connected devices — lights, thermostat, TV — be selective about what you connect. It’s smart not to connect security functions, such as a door lock or a surveillance camera. You don’t want a burglar to yell “Unlock the door!” and have your voice assistant oblige.
At the same time, you should disable the feature that links your calendar or address book — often rich sources of information.
2. Delete commands
Smart speakers allow you to listen to your past commands and to erase some or all of them. This is a good way to wipe any sensitive information that may be stored. It’s true, your device may have to “relearn” a command, but it’s a quick learner.
3. Be careful what you share
There’s plenty of information you don’t want your voice assistant to know. That includes your passwords, credit card information, and Social Security number. Remember, it’s possible anyone could access your sensitive personal information just by asking for it.
4. Turn off the microphone
Consider muting your device when you’re not using it. That’s the easiest way to get your device to stop listening. Of course, you’ll have to turn it back on next time you want to check the weather. Or you could look outside.
5. Turn off purchasing
Smart speakers often can be set to make purchases on command. Anyone with access to the device may be able to make a buy. That could be a problem. The solution? Set up a purchase password and keep it a secret.
6. Stay on top of notification emails
What if someone happens to slip in a purchase. You’ll usually receive a notification email. If it’s something you didn’t order — maybe it’s something suspiciously suited to your 12-year-old — you can cancel it.
7. Turn off “personal results”
Your voice assistant may help you to pay bills and manage other personal information. That could expose information you’d rather keep private, such as passwords or bank account numbers. One option? Turn it off.
8. Mind your network
Use a WPA2 encrypted Wi-Fi network and not an open hotspot at home. Create a guest Wi-Fi network for guests and unsecured IoT devices.
9. Enable voice recognition
You may be able to configure your device for voice recognition. This enables your device to tell different voices apart. This can be helpful, but it may not work all the time.
10. Strengthen your passwords
Protect the service account linked to your device with a strong password. If it’s available, use two-factor authentication. This can prevent anyone who has access to the account from listening in remotely.
Smart speakers carry the risk of getting hacked, and cybercriminals probably won’t stop trying to find vulnerabilities. But being careful about the type of information you share with your digital voice assistant is one way to help you outsmart them.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.