• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Is Someone Hacking Your Echo? Probably Not Right Now

May 5, 2017 By The Editor

 hacking code

Most IoT device security is pretty terrible, so you’re probably assuming that virtual assistant devices like Amazon Echo and Google Home are a major risk. After all, these devices record all nearby conversations (at least temporarily). But while Alexa does pose some privacy issues, we don’t consider it a major security risk.

Why? Two reasons. First, major companies like Amazon, Google and Apple take security seriously and their devices are quite hardened. In fact, we tested an Echo Dot as part of a recent IoT pen testing project and it passed all our security assessments. Companies like Amazon and Google put in the time and effort to make their products secure (not impossible to hack, but much more secure than an IoT webcam or a device from a minor manufacturer).

Second, an Echo is a low-value target for a hacker. These home automation devices don’t store data long-term; they record it, transmit it, then delete it. So hacking an individual Echo could net a hacker some personal information on a few people, but hacking a major website’s database could get them personal information on hundreds of thousands of people. In short, there are plenty of less-secure devices and platforms that can yield a great reward for bad guys. 

While it’s highly unlikely a cybercriminal will hack your virtual assistant device, we do advise that individuals avoid discussing sensitive information near an always-on listening products like Echo. Businesses should also segment all IoT devices including virtual assistants from their corporate network in case one of them is infected.

Read more about virtual assistant security here on Secplicity and in CSO Online. For more on IoT security, check out WatchGuard CTO Corey Nachreiner’s article about why home gaming consoles might be the most secure device in your home.  

Share This:

Related

Filed Under: Editorial Articles

Comments

  1. Mehgan says

    May 5, 2017 at 11:10 am

    Let me start off by saying this is a great read and definitely something to think about!
    However, I thought you should be made aware that there is a spelling error in the third paragraph in the last sentence, “plenty of less-secure devices and platforms that can yield a great reword for bad guys. “

    Reply
  2. Kurt Silton says

    May 5, 2017 at 1:26 pm

    I’m not that concerned about these individual devices in my home for the very reasons you state in the article. But, I am very concerned about what Apple, Google, and Amazon are doing with what they have heard other than what the user intended. Can they mine the conversations for marketing opportunities above and beyond what a user intends? Can the government require that Amazon. Apple, Google turn over their data about a user? How much conversation is really stored? What are the privacy implications? And what happens when Google’s server is hacked?

    Reply
  3. Mike says

    May 9, 2017 at 2:45 pm

    I suggest not just businesses, but also home users segment IoT devices from the rest of their network. Short of actually creating two networks, many modern wireless routers offer a guest network which is a better option for these devices, IMO.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Here Come The Regulations
  • Successfully Prosecuting a Russian Hacker

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use