- Key issues
Alexa! Who’s listening?
With sales of Smart Speakers booming, what happens when Big Tech gets sloppy and allows strangers to get hold of our voice files? What are the risks, and what can you do to protect yourself?
Fri 4 March 2022
Sometimes we simply forget all our fears and end up inviting Alexa to share our bedroom or bathroom. What's wrong with having a chat with Amazon's virtual assistant in the privacy of our own homes you might ask? Well, potentially everything if Amazon gets sloppy and sends your voice files to strangers, which allegedly they’ve done in the past!
With everyone spending more time at home during the pandemic, sales of smart speakers (which are voice-enabled products such as the Amazon Echo and Google's Nest Mini) are booming. According to Amazon, 65 million Amazon Echo speakers were sold in 2021 alone.
A seemingly big obstacle to these devices’ overall success, is the fact that consumers have been increasingly worried about tech privacy in recent years, fuelled by numerous media stories about what smart speakers can capture and share.
Some cyber-security researchers have found a certain vulnerability on Amazon's Alexa voice assistant that gives hackers access to users' entire voice history and personal data associated with their Alexa account. These hackers then exploit the newly discovered Amazon Alexa bug by tricking Alexa users into clicking a malicious Amazon link. By doing so, the attacker impersonates the user to access their audio recording, the list of installed Alexa Skills, and personal information. Although Amazon acknowledges this vulnerability, they deny that hackers could access bank information.
Whatever the case, we suggest you are careful at what you say to Alexa and take every precaution to keep your voice-enabled devices secure.
Let's look at what we know:
Are Alexa and your smart speaker spying on you?
The short answer is yes, Alexa is always listening to you. Or rather the microphone on your Alexa smart speaker is always active (by default, at least) and is constantly monitoring voices in your home to hear its 'wake word'.
How secure is Alexa?
According to Amazon, Alexa recordings are stored securely on the Amazon Web Services cloud, and the company does not release customer information without a "valid and binding legal demand properly served".
You're probably thinking, "Does it matter where I put it as long as I can give an Alexa command from most areas in my house?" The answer is yes. Placing your Alexa device in certain areas of your house could risk your privacy or even damage your Echo – you should avoid placing the device in your bathroom and bedroom.
Is Alexa recording all the time?
For many of us, the issue arises when we hear that Alexa is always recording our conversations, even when we haven't "woken" her up. Officially, Amazon advertises that its Alexa and Echo devices are not programmed to record or store information unless they are specifically activated.
How do you know Alexa is recording you?
Tap into the menu bar on the left-hand side and then tap Settings. Next tap Alexa Privacy, and then go into Review Voice History. This is where you can check up on all the voice recordings Alexa has captured for you. The problem is that your device will pick up fragments of your private conversations that are not intended to be a command. People are not aware that recordings are stored until you delete them.
So, what steps can you take to secure your Alexa-enabled device?
1] Change the Alexa wake word.
The distributors of the Amazon ECHO suggest you always change the word that activates your recording. Our suggestion is you choose a word that you are less likely to use in everyday conversations, to ensure Alexa will record only when you intend it to. Also, remember that Alexa-enabled devices can pick up strangers' voices through closed doors and windows. You can also turn off the microphone to stop it from listening entirely.
2] Delete yesterday’s recordings
A really important step is to delete old Alexa recordings every day, especially those which might compromise you and your family.
Amazon allows you to delete your data quickly and efficiently – which we suggest you do every single day. Just simply say to "Alexa, delete what I said today" and your Alexa-enabled device will delete your daily recordings.
But remember to double-check that this has been done. Even if you delete your daily recordings, you may still have an archive. Go into the Alexa app and select Settings>Alexa Account>History. Go through manually and delete all your past recordings.
3] Pick a strong Amazon password that you don't use on other sites.
People often forget that their Alexa devices are secured and protected by the Amazon password. But if someone gets hold of your Amazon password, they can access your Alexa recordings and much more. If you're using a weak password or one that you use for multiple accounts, we suggest you change it immediately.
4] Set up a pin for all voice purchases.
While you must have voice purchases "enabled" and you must have a one-click payment method set up to make them, it's a good idea to take extra precautions by adding a purchase code. This acts like a PIN and requires the purchaser to say a four-digit configuration code before making any voice purchases. Go to Settings>Alexa Account> Voice Purchases. When you enable this function, it will give you the option to set up a purchase code.
5] Secure your home network.
Your smart-home devices are only as secure as the network that you connect to. We always suggest you change the default name and password for your wireless network and enable the Wi-Fi Protected Access II (WPA2 or, better still, WPA3) protocol on your router. Regularly check for and install firmware updates for all your gadgets including Alexa devices.
6] Stop Alexa listening to you.
In the Alexa app, go to Settings > Alexa Privacy > Manage Your Alexa Data. From here, select Choose How Long to Save Recordings > Don't Save Recordings > Confirm. Next, scroll down to Help Improve Alexa, and switch the Use of Voice Recordings to off.
We suggest minimising the risk you turn off your Alexa microphone if you don't plan on using your device. Simply, press the microphone on/off button located on the top of the device and Alexa will stop listening. Likewise turn off the camera on all Alexa devices by either using your voice to say "Alexa, turn the camera off' or go to Settings>Device Options> and then turn off the Enable Camera Option.
Finally, some people are concerned that Amazon have employees that are paid to listen to Alexa recordings.
Is this true? The simple answer is Yes, but they are listening to the recordings where there was a failure in translation. They do not know who you are. They do not listen to you all the time, only what is said while the BLUE RING is on. You can always opt-out of the improvement program by doing the following:
- In the Alexa app, slide out the menu and tap on Settings.
- Select Alexa Privacy.
- Tap Manage How Your Data Improves Alexa.
- Turn "Help Improve Amazon Services and Develop New Features" off by tapping the switch.
- Confirm your decision.
You can find out more about Alexa, its security and privacy and manage your Alexa data by visiting: https://www.amazon.co.uk/alexa-privacy/apd/home