Published on June 9th, 2021 | by The GC Team0
Half of Britons use smart speakers. Is this a privacy issue?
Research shows the increasing demand for smart speakers and reveals the vulnerabilities they present
A new survey by virtual private network provider NordVPN has revealed that around a half of Britons have smart speakers in their homes, and almost half of users didn’t know that their recordings were permanently stored and thus didn’t take any action to prevent it.
According to NordVPN’s digital privacy expert Daniel Markuson, smart speakers take notes of everything we ask them to do or search for, and this is how we create a portrait of ourselves for companies that manufacture the devices. The data they gather is stored permanently and later helps companies to sell even more products or help other marketers to target their audiences. So, the real price we pay for smart speakers is our privacy and security.
Who uses smart speakers?
NordVPN’s research shows smart speakers are used by 42.4% of Britons. Women use them almost as much as men, and this can be connected to the fact that smart speakers are usually shared with other family members and thus are equally used by both sexes. Smart speakers are mostly used by younger people because they usually have more trust in new technology.
What should we be concerned about?
NordVPN: First of all, it is important to know that smart speakers record every command we give them if we leave the default settings. The recordings are usually stored on the device and then shipped off to the company’s cloud servers for processing. As many users don’t change the default settings, manufacturers have full control of the recordings and can use them in several ways, such as to improve the quality of the service, further develop AI technologies, or build users’ advertising profiles to sell them to marketers. Building a customer’s profile puts the user’s privacy in question.
Smart speakers’ passive listening, which is always on, also makes customers vulnerable. Passive listening results in accidental recordings, when some words are misheard as activation phrases (like using “OK good” instead of “OK google”).
Apart from businesses, our data is also valuable to cybercriminals. Unfortunately, no security system is secure, thus businesses get their users’ data leaked all the time. In 2019, Google reported the leak of 1,000 smart speaker recordings. 153 of those were “conversations that should never have been recorded” because the activation phrase “OK Google” was not given.
The main vulnerability of smart speakers is that they are usually connected to multiple devices to control different parts of our household just by speaking. This puts all the devices in danger in case one of them gets hacked.
“Hacking a smart speaker itself is not that easy, as it is mostly voice-controlled, so the hacker would need to be physically close to the speaker to hack it. However, cybercriminals have started to create special malware that helps to hack speakers through the smartphone they are connected to,” NordVPN’s Markuson explains.
“Once the phone gets malware installed through an infected app, criminals can access your command recordings and thus hack the smart speaker. As speakers are usually connected to every device at our home, this compromises the safety of our whole household, including security cameras and internet activity.”
What can users do to protect themselves?
Markuson says many people don’t take any action as they are not informed enough, and being aware of possible threats motivates people to take responsibility for their own privacy. Below are his tips for the safe usage of smart speakers:
- Review your smart speaker’s privacy and security settings and turn off recording;
- Mute the microphone when you do not want to be heard by your device;
- Don’t say any private information (passwords, bank credentials, or other) next to your smart speaker;
- Delete your command history once in a while;
- Create unique and sophisticated passwords for all the devices you use. Use a password manager like NordPass to store them safely;
- Enable two-factor authentication (2FA) on all the possible devices connected to your smart speaker;
- To stop cybercriminals from hacking your smart speaker, install VPN onto all possible devices connected to it (especially smartphones). VPN helps to encrypt your internet traffic and stop third parties from accessing your internet data.
Did you know? You can protect up to 6 devices using NordVPN, or all the devices in your household (including smart speakers) by installing NordVPN on your Wi-Fi router.