Hey Siri, do “always listening” virtual assistants carry serious security and privacy risks? According a recent CSO Online article, nearly 50 percent of IT professionals think so. Though these products provide a ton of convenience and are just flat out cool, experts are wary about the amount of private or confident information they might be privy to.
Here’s what Marc Laliberte, WatchGuard’s information security threat analyst told CSO Online: “IT should treat virtual assistant devices just like any other IoT device that records sensitive information and sends it to a third party. These devices should not be operational in locations where potentially sensitive information is verbally passed. Furthermore, IoT devices should be segmented from the rest of the corporate network to provide additional protections if they become compromised.”
Manufacturers like Amazon, Google and Apple claim that conversation data gathered by these devices are never sent to their servers until the virtual assistant is explicitly requested to perform a task, and there is no evidence to discredit this claim. That said, the threat to privacy is still there if these manufacturers ever decide to change their stance or if a malicious hacker gains control of the device.
As with any IoT product, virtual assistant devices are also a potential hideout spot for malicious hackers to infect with a remote access Trojan (RAT) and launch further attacks from throughout the network. IoT devices are rarely monitored, which could allow an attacker to hide an infection and remain undetected for months. If an attacker did compromise a virtual assistant device, they could then effectively control a listening device capable of eavesdropping on any conversations in the room. This is a serious threat that shouldn’t be ignored.
Read the full article on CSO Online, Network World, ITWorld, IT News and CIO for more from Marc and other security experts. To learn about how hackers might be able to gather data from one tech product most of us own, but few would suspect, check out this Daily Security Byte from Corey Nachreiner, CTO at WatchGuard.