Why You Need to Turn Off Your Amazon Alexa While Working from Home
Don't forget: Alexa is always listening.
In a matter of months, our world has changed completely. COVID-19 has shut down schools, closed restaurants and sports stadiums, and resulted in more people working from home than ever before. While many of these workers are staying home to avoid contracting the virus and contributing to the spread, there’s one risk lurking within their walls that they may have failed to consider: their Amazon Alexa and other similar smart home devices. They may not be a threat to your health, but they could be a threat to your privacy.
Working in the presence of Alexa
In April 2019, Time published a story titled “Thousands of Amazon Workers Listen to Alexa Users’ Conversations.” Amazon admitted to this Alexa voice-review process, claiming it was part of improving the customer experience. But obviously, random Amazon workers listening in on your calls could pose a concern if you’re conducting confidential business. And that’s just one of the security risks you have to worry about.
“Many so-called smart devices have proven to be rather dumb in actuality,” says cybersecurity consultant Dave Hatter, adding that these devices are often rushed to market with security and privacy as a mere afterthought. “Smart speakers, aka virtual assistants or digital assistants, have had their share of issues. There are many documented instances of smart speakers listening when they shouldn’t be and capturing information that could be embarrassing, if not damning, in some instances.” As an example, he points a 2019 Consumer Reports story that notes how the smart speakers may sometimes misinterpret the wake word and begin listening and recording when they shouldn’t. Those voice recordings can be accessible to Amazon employees for days, weeks, and even months after the fact.
So, what does all of this mean for you?
One big risk that smart speakers like Amazon Alexa pose is making you vulnerable to hackers. “Not only can a vulnerability in a single IoT device expose an entire Wi-Fi network—it can potentially also serve as a Trojan horse in an attack on the manufacturer,” explains Jan Youngren, a cybersecurity expert and researcher at VPNpro.com. (For those unaware, an loT device is any device besides a standard computer that connects wirelessly to a network and can transmit data). Youngren further explains that “info available through social media, in addition to data from smart watches, health trackers, and other IoT devices, makes for a sophisticated social engineering attack that can cost vulnerable users lots of money.” This is always a risk, but when you’re working from home, it means that hackers could now have access to confidential work data.
Then there’s the risk that your private work conversations may not be all that private, warns tech expert Burton Kelso. “When chatting on the phone or on a video call, you could accidentally activate Alexa’s recording feature,” Kelso warns. “While recording a conversation is not bad, having a confidential conversation get uploaded to the Cloud isn’t a good thing.” You could also accidentally activate Alexa’s call feature and unwittingly call someone (even a stranger) in the middle of your conversation. And if you have an Alexa Show, Kelso adds, a hacker could get access to your camera. Did you know that these other things in your home could also be spying on you?
Balancing utility and privacy
Yagi Studio/Getty Images“Smart speaker manufacturers have to balance a fine line between making the speaker easy to use (so the wake word must be interpreted liberally) versus privacy and security, which could make the speaker frustrating to use when it’s not responsive,” Hatter explains. “It’s a tricky balance.” The problem, he says, is that these speakers sometimes think they hear the wake word when that may not have been the intention of the person speaking, or when it was spoken by the television or radio.
“The bottom line is that it could be activated under a number of circumstances that could lead to trouble,” Hatter says. “For example, a work-related conversation about trade secrets, or a conversation with an attorney or doctor. Additionally, recorded conversations could be hacked or leaked. And if these devices are not configured correctly and patched when updates are released, they could be used as an entry point into a user’s network. There is a potential privacy/security double whammy.” Don’t miss these other cybersecurity secrets hackers don’t want you to know.
Playing it safe while you work
“First and foremost, configure your router to prevent UPnP (Universal Plug and Play) IoT devices from making changes,” Youngren says. These devices increase your vulnerability to hackers, but you can disable UPnP access through your router’s settings. “This will prevent hackers from reaching them [through your Wi-Fi]. If possible, change the log-in credentials for your IoT devices: Even if hackers reach a log-in screen, they’ll have to work to go any further.”
These are the steps you should always take, but Kelso recommends going even further while you’re working. “The best piece of advice is to just unplug your Alexa device when you are having personal and confidential conversations,” he says. “If you are having sensitive voice and video conversations in a room that has an Amazon Alexa device, you probably need to move to another location in your house.”
And what about those pesky hackers? Kelso says they like to use “credential stuffing,” a type of cyberattack involving leaked lists of account names and passwords, to get into your online account. “Make sure you are using a secure password for your Amazon account and change it on a regular basis to keep the bad guys out of your account and Amazon-connected devices.”
Can you disable certain features while allowing others?
In most cases, you should be able to go to your security preferences for each individual device and allow, or disallow, cameras and microphones, Youngren notes. This is something you might want to do if you rely on your Alexa to monitor activity in your home, like using Alexa Show to see who is at the front door with your Ring Camera or viewing activity with your Blink Camera. “On older Alexa devices, you can hit the mute button to silence the microphone,” Kelso says. “Alexa Show devices have a camera. The mute button will also then mute the camera on older Alexa Show devices. If you have a newer Alexa Show, you can disable the camera with a privacy shutter.”
According to Forbes, when you mute your Alexa, it stops listening in. But then, of course, you lose many of the features you typically rely on Alexa for. Here are 11 things you probably didn’t know Alexa could do.
Erasing your tracks
How else can you make sure that Alexa minds her own business? Check your recordings at the end of each day. “Alexa does allow you to go into your account to delete your recordings,” Kelso says. “Just delete them in the Alexa app. You also have the option to ask Alexa to delete your recordings, but you’ll need to enable the setting first. Then you can say, ‘Alexa, delete what I just said’ or ‘Alexa, delete everything I said today.'”
To enable deleting by voice command, go into your Alexa app, select Settings > Alexa Account > Alexa Privacy > Voice History. Once there, you can select Enable Deletion by Voice.
“Additionally, you can stop Amazon employees from listening to your conversations,” Kelso explains. You can do this by going to Settings > Alexa Privacy > Manage Your Alexa Data. From there, toggle off the setting that says Use Voice Recordings to Improve Amazon Services.
Of course, all of this is assuming you still want to continue using your Amazon Alexa. “Probably not a surprise, but I don’t have any of these types of devices,” Hatter says. “So my general advice is to disconnect and discard them. If you are unwilling to do that, you should unplug them during work hours.” Sounds like you may have some decisions to make. Next, find out the 9 ways you didn’t realize the government could be spying on you.