Smart speakers: Christmas treat or lump of coal?

Smart speakers: Christmas treat or lump of coal?

Christmas is nearly upon us, and thoughts are perhaps turning to various digital presents of a “smart” nature. Home security, hubs, speakers, cameras, and mashups of all of those and more besides.

With regards to speakers, the most immediate pieces of your home are theoretically at your beck and call.

There’s lots of good advice out there in terms of what to do with your new devices. Untick boxes, increase security, perhaps eliminate the “smart” feature entirely by ripping out batteries. However, is it possible that we’re taking things a little too far? Are our concerns justified? Is there, perhaps, a somewhat happy middle ground where these devices can co-exist with us minus an endless sense of panic?

Well, probably not. But maybe we can alleviate a few fears along the way.

Accidents will happen

This is a fact of life. Nothing is 100 percent secure, and nothing is 100 percent free from errors and mishaps. While this is scant consolation if something goes disastrously wrong, accepting that nothing is perfect sometimes goes a long way.

Many of the more “oh no, now what” news stories about smart speaker devices involved an accident, or an unforeseen use of the technology at hand.

Of dollhouses, cookies, and burgers

Many reported incidents are about accidental interactions between users and their devices. Of particular note is the 2017 story of a child somehow managing to place an order for a dollhouse and cookies through Amazon’s Alexa. This became even more confusing when a TV segment apparently caused chaos with a number of additional attempted orders. It’s worth noting that none of those additional attempts seem to have resulted in purchases, so either we’re missing some crucial part of the child’s story or something genuinely malfunctioned in their home.

We also have South Park pranks, and the infamous Burger King ad triggering Google Home to tell their owner all about burgers via text read out aloud from Wikipedia. While this is humorous, it could have easily invited some incredibly dubious messages into the home given anyone can edit Wikipedia text. In fact, the ad text was indeed sabotaged. What a world.

Privacy problems

Accidental recordings are perhaps the biggest potential problem, and certainly most likely to cause a privacy issue. In May 2018, a series of miscues caused private conversations to be sent to a random contact via an Echo speaker. This is, of course, horrendous and could easily have ended in disaster depending on context.

It’s also essential that device owners read all EULAs and privacy policies thoroughly. They’re complicated enough for simple mobile games, without pondering the ramifications of real-world interactions. As I mentioned on Top 10 VPN’s Privacy Central article about this very subject, even if you read through a lot of legal words, there’s no guarantee everything won’t change while you’re not looking.

Listen closely?

The potential threat of always listening devices is prone to overhyping. The biggest issue tends to be accidental activation, from adverts or background noise. It’s rare for speakers to malfunction and listen of their own accord.

Owners may wish to disallow voice-activated devices from being able to lock or unlock entry points into the house, as this is an area of deliberate activation which could cause the most harm. They certainly don’t collect everything said and are deliberately set up to avoid it. Grabbing everything 24/7 would mean device manufacturers simply couldn’t cope with all the data, so it’s in their best interests to be as concise and targeted as possible.

As evidenced by Mozilla’s recent “Privacy not included” list, people seem to have a strong aversion to smart speakers. Amazon and Google’s devices are currently rated “super creepy” by voters, whereas the only smart speaker to have a positive “not creepy” rating at all is the open source Mycroft Mark 1. With a lack of insight into how closed systems are operating inside the home, it perhaps makes sense that people would turn to open source devices where they can get a better understanding of what’s happening instead.

What’s the biggest area of concern?

As I’ve mentioned previously, I believe rogue IoT devices pose the biggest threat to victims of domestic abuse. This is due to ease of access to devices on the part of the malicious individual. The ability to control aspects of the home down to the smallest detail is a potential nightmare scenario. There are ways to combat this, but it’s risky and we always suggest professional support and assistance wherever possible.

Who speaks the truth?

All we can do is look at the evidence on offer and make an informed decision. If you’re okay with the possibility of occasional accidental misfires or mischievous triggers, you’re good to go. We can’t pretend these devices won’t continue to make their way into our homes. What we can do is ensure we take steps to limit harm wherever possible. Keep on top of possible threats as and when they surface, and you’ll hopefully have no problems this festive season.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.