Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

featured image 3


February 15, 2017

By Jason Knowles and Ann Pistone
Monday, February 13, 2017 10:42PM

CHICAGO (WLS) — Millions of people have smart hub devices like the Amazon Echo and Google Home, but they could be putting users’ privacy at risk.
The I-Team tested the devices with experts and found potential vulnerabilities that could be used by hackers and thieves.
The devices act as home assistants who respond to verbal command words. The I-Team found that the Amazon Echo app for Alexa records and saves users’ conversations — even if the smart hub device only “thinks” it hears the word “Alexa.” Brian Liceaga, of the Evolve Security Academy, found even more personal information.
Experts said they can be an identity thief’s dream if users don’t have a pass code on their phone or tablet, or if those devices are on unsecure Wi-Fi networks.
“So they can start building a profile around you and execute a social engineering attack. So they might know when you’re going on vacation, they know your interests, they might know things that you’ve looked up, that you’ve asked the device,” said Liceaga. The I-Team inspected an Echo belonging to a man known as “Professor Fraud.”

“If it thinks it hears the name ‘Alexa,’ it wakes up and starts recording. So it’s potentially an invasion of privacy and also potentially embarrassing,” said William Kresse, a professor at Governors State University.
Amazon said the saved recordings are stored to improve accuracy and make the product better, but they can be deleted individually or all at once. The I-Team also found that Kresse’s answering machine could be used to control Alexa via voice commands. This could be used by a burglar checking to see if anyone is home or even a neighbor trying to order something for themselves.

“Now Amazon has the option to put in a four-digit code whenever you want to place a purchase order. Otherwise, anyone could just say a few words – even accidentally – and the next thing you know, you’ve got a delivery coming to your house,” Kresse said. The I-Team also examined a Google Home, which belongs to Patrick Connor, the husband of an ABC7 employee, and the Google app for it.
“I had no idea that I could go back and even hear my own voice on my own phone. I think what was most alarming to me was that it even seemed to be recording before I said ‘Okay Google,'” Connor said. “So now I’m wondering, ‘Is this thing always listening? Is it always on?'”
Google said the device only stores audio after recognizing the words “Ok Google” or “Hey Google,” but said that content is sent to Google servers. Google officials also note that voice history can be deleted, similar to web history. The I-Team also tried to hack both devices. Expert were able to locate the Google Home but couldn’t crack into either. Amazon and Google both said devices go through extensive security and privacy reviews.

“Amazon and Google have, not only large security teams, but some of the best in the world and the best talent in the world,” Liceaga said. But he says you should still be skeptical over that extra set of ears. “This device that’s always there and listening, we have to use it with caution and safety,” Liceaga said.
Users may want to mute devices when not in use to prevent unwanted recordings. For the Echo, users can turn off voice purchasing or even chose between two other command words instead of “Alexa.” Also, users should make sure software for the device is updating automatically. Experts also said that the riskiest vulnerabilities aren’t in the smart hubs themselves, but in those apps or accounts on your tablets and computers.
“Their windows computer might actually have the password to the amazon account in which case I can bypass this all together,” Liceaga said. Liceaga said users should put smart hubs on a guest Wi-Fi network which is separate from the one used by other devices to create a barrier between the smart hubs and other devices. Experts also suggest changing the smart hub device name on the Wi-Fi so it can’t be detected.

Tags: , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
FBI’s Comey: No Absolute Privacy in U.S.
March 21, 2017

FBI Director James Comey charged on Wednesday that there is no longer "absolute privacy" in the Unit...

Read more
SAN FRANCISCO - OCTOBER 24:  Dustin Moskovitz, co-founder of Facebook, delivers his keynote address at the CTIA WIRELESS I.T. & Entertainment 2007 conference October 24, 2007 in San Francisco, California. The confernence is showcasing the lastest in mobile technology and will run through October 25.  (Photo by Kimberly White/Getty Images)
Facebook tightens privacy, bans developers from harnessing data for surveillance
March 15, 2017

Facebook, saying it is “committed to building a community where people can feel safe making their ...

Read more
Heartbeat could be used as password to access electronic health records
March 7, 2017

Researchers at Binghamton University, State University of New York have devised a new way to protect...

Read more
Are your running shoes spying on you?
March 2, 2017

Five or 10 years ago, such a statement might have been appropriate for a cartoon matinee or slapstic...

Read more
Federal Agency Begins Inquiry Into Auto Lenders’ Use of GPS Tracking
February 23, 2017

Auto loans to Americans with poor credit have been booming, and many finance companies, credit union...

Read more