Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

featured image 3

WHO IS LISTENING? SMART HUB DEVICES SPARK PRIVACY CONCERNS

February 15, 2017

By Jason Knowles and Ann Pistone
Monday, February 13, 2017 10:42PM

CHICAGO (WLS) — Millions of people have smart hub devices like the Amazon Echo and Google Home, but they could be putting users’ privacy at risk.
The I-Team tested the devices with experts and found potential vulnerabilities that could be used by hackers and thieves.
The devices act as home assistants who respond to verbal command words. The I-Team found that the Amazon Echo app for Alexa records and saves users’ conversations — even if the smart hub device only “thinks” it hears the word “Alexa.” Brian Liceaga, of the Evolve Security Academy, found even more personal information.
Experts said they can be an identity thief’s dream if users don’t have a pass code on their phone or tablet, or if those devices are on unsecure Wi-Fi networks.
“So they can start building a profile around you and execute a social engineering attack. So they might know when you’re going on vacation, they know your interests, they might know things that you’ve looked up, that you’ve asked the device,” said Liceaga. The I-Team inspected an Echo belonging to a man known as “Professor Fraud.”

“If it thinks it hears the name ‘Alexa,’ it wakes up and starts recording. So it’s potentially an invasion of privacy and also potentially embarrassing,” said William Kresse, a professor at Governors State University.
Amazon said the saved recordings are stored to improve accuracy and make the product better, but they can be deleted individually or all at once. The I-Team also found that Kresse’s answering machine could be used to control Alexa via voice commands. This could be used by a burglar checking to see if anyone is home or even a neighbor trying to order something for themselves.

“Now Amazon has the option to put in a four-digit code whenever you want to place a purchase order. Otherwise, anyone could just say a few words – even accidentally – and the next thing you know, you’ve got a delivery coming to your house,” Kresse said. The I-Team also examined a Google Home, which belongs to Patrick Connor, the husband of an ABC7 employee, and the Google app for it.
“I had no idea that I could go back and even hear my own voice on my own phone. I think what was most alarming to me was that it even seemed to be recording before I said ‘Okay Google,'” Connor said. “So now I’m wondering, ‘Is this thing always listening? Is it always on?'”
Google said the device only stores audio after recognizing the words “Ok Google” or “Hey Google,” but said that content is sent to Google servers. Google officials also note that voice history can be deleted, similar to web history. The I-Team also tried to hack both devices. Expert were able to locate the Google Home but couldn’t crack into either. Amazon and Google both said devices go through extensive security and privacy reviews.

“Amazon and Google have, not only large security teams, but some of the best in the world and the best talent in the world,” Liceaga said. But he says you should still be skeptical over that extra set of ears. “This device that’s always there and listening, we have to use it with caution and safety,” Liceaga said.
Users may want to mute devices when not in use to prevent unwanted recordings. For the Echo, users can turn off voice purchasing or even chose between two other command words instead of “Alexa.” Also, users should make sure software for the device is updating automatically. Experts also said that the riskiest vulnerabilities aren’t in the smart hubs themselves, but in those apps or accounts on your tablets and computers.
“Their windows computer might actually have the password to the amazon account in which case I can bypass this all together,” Liceaga said. Liceaga said users should put smart hubs on a guest Wi-Fi network which is separate from the one used by other devices to create a barrier between the smart hubs and other devices. Experts also suggest changing the smart hub device name on the Wi-Fi so it can’t be detected.

Tags: , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
ph
HACK BRIEF: ONEPLUS PHONES HAVE AN UNFORTUNATE BACKDOOR BUILT IN
November 16, 2017

ONEPLUS SMARTPHONES HAVE developed a bit of a cult following, thanks to a combination of design and ...

Read more
725_ly9jb2ludgvszwdyyxbolmnvbs9zdg9yywdll3vwbg9hzhmvdmlldy9lndczzdrknjc3mjc1ngnkogzjnmfmmmq2owu4nji3ys5qcgc
Experienced IP Litigator, Cybersecurity & Data Privacy Lawyer Gabriel Ramsey Joins Crowell & Moring
November 13, 2017

SAN FRANCISCO, Nov. 13, 2017 /PRNewswire/ -- Crowell & Moring LLP is pleased to announce the add...

Read more
150522100240-amazon-delivery-780x439
Amazon Key’s big privacy test is now in your hands
November 7, 2017

Amazon Key's debut was merciless. People took to social media two weeks ago to deride the new in-...

Read more
pr
Why some privacy experts are spooked by iPhone X’s facial recognition feature
November 2, 2017

SAN FRANCISCO — Apple Inc. won accolades from privacy experts in September for assuring that facia...

Read more
maxresdefault
Always-on Voice Technology Raises Privacy Concerns
October 30, 2017

New technologies positively advertise constant microphone monitoring–but is it what consumers want...

Read more