Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

featured image 3


February 15, 2017

By Jason Knowles and Ann Pistone
Monday, February 13, 2017 10:42PM

CHICAGO (WLS) — Millions of people have smart hub devices like the Amazon Echo and Google Home, but they could be putting users’ privacy at risk.
The I-Team tested the devices with experts and found potential vulnerabilities that could be used by hackers and thieves.
The devices act as home assistants who respond to verbal command words. The I-Team found that the Amazon Echo app for Alexa records and saves users’ conversations — even if the smart hub device only “thinks” it hears the word “Alexa.” Brian Liceaga, of the Evolve Security Academy, found even more personal information.
Experts said they can be an identity thief’s dream if users don’t have a pass code on their phone or tablet, or if those devices are on unsecure Wi-Fi networks.
“So they can start building a profile around you and execute a social engineering attack. So they might know when you’re going on vacation, they know your interests, they might know things that you’ve looked up, that you’ve asked the device,” said Liceaga. The I-Team inspected an Echo belonging to a man known as “Professor Fraud.”

“If it thinks it hears the name ‘Alexa,’ it wakes up and starts recording. So it’s potentially an invasion of privacy and also potentially embarrassing,” said William Kresse, a professor at Governors State University.
Amazon said the saved recordings are stored to improve accuracy and make the product better, but they can be deleted individually or all at once. The I-Team also found that Kresse’s answering machine could be used to control Alexa via voice commands. This could be used by a burglar checking to see if anyone is home or even a neighbor trying to order something for themselves.

“Now Amazon has the option to put in a four-digit code whenever you want to place a purchase order. Otherwise, anyone could just say a few words – even accidentally – and the next thing you know, you’ve got a delivery coming to your house,” Kresse said. The I-Team also examined a Google Home, which belongs to Patrick Connor, the husband of an ABC7 employee, and the Google app for it.
“I had no idea that I could go back and even hear my own voice on my own phone. I think what was most alarming to me was that it even seemed to be recording before I said ‘Okay Google,'” Connor said. “So now I’m wondering, ‘Is this thing always listening? Is it always on?'”
Google said the device only stores audio after recognizing the words “Ok Google” or “Hey Google,” but said that content is sent to Google servers. Google officials also note that voice history can be deleted, similar to web history. The I-Team also tried to hack both devices. Expert were able to locate the Google Home but couldn’t crack into either. Amazon and Google both said devices go through extensive security and privacy reviews.

“Amazon and Google have, not only large security teams, but some of the best in the world and the best talent in the world,” Liceaga said. But he says you should still be skeptical over that extra set of ears. “This device that’s always there and listening, we have to use it with caution and safety,” Liceaga said.
Users may want to mute devices when not in use to prevent unwanted recordings. For the Echo, users can turn off voice purchasing or even chose between two other command words instead of “Alexa.” Also, users should make sure software for the device is updating automatically. Experts also said that the riskiest vulnerabilities aren’t in the smart hubs themselves, but in those apps or accounts on your tablets and computers.
“Their windows computer might actually have the password to the amazon account in which case I can bypass this all together,” Liceaga said. Liceaga said users should put smart hubs on a guest Wi-Fi network which is separate from the one used by other devices to create a barrier between the smart hubs and other devices. Experts also suggest changing the smart hub device name on the Wi-Fi so it can’t be detected.

Tags: , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
Aim, Fire: Bulletproofs Is a Crypto Privacy Breakthrough
January 16, 2018

There's a new privacy technology in the crypto Wild West, and if the rate at which it's winning favo...

Read more
UIDAI introduces concept of ‘Virtual ID’ to address privacy concerns
January 10, 2018

NEW DELHI: In a bid to address privacy concerns, the UIDAI on Wednesday introduced a new concept of ...

Read more
Is Bitpay Bullying Other Bitcoin Wallets and Hurting Users’ Privacy?
January 8, 2018

Bitpay is facing a backlash against its decision to implement a controversial feature it says is mea...

Read more
Bitcoin billionaires & privacy crusaders: Tech leaders to follow in 2018
January 3, 2018

The end of year is a time of reflection for most, but when it comes to the innovating industries of ...

Read more
Snowden’s new app is a step forward in privacy protection – former MI5 officer
December 27, 2017

Ed Snowden’s new personal security app can be a good tool to protect individual privacy in the tec...

Read more