Is Your Smart Speaker Spying On You?
Those personal assistants everyone seems to be getting for their home are convenient voice-activated tools for an increasing number of tasks. But when Alexa and Google Home are constantly recording and uploading your voice to the cloud, a third-party server, you could potentially be exposing yourself to hackers, government intrusion, and corporate spying. Are these legitimate concerns or paranoid conspiracy?
Amazon Echo and Alexa
By now, almost everyone is familiar with Amazon’s voice-command personal assistant, Alexa – arguably better than Siri, but not quite as intuitive as HAL 9000, though that’s probably for the best. Since the technology was introduced in 2014, a number of iterations from Amazon and Google have been created to put smart speakers in the homes of every consumer.
These speakers are able to play your favorite song, order pizza, activate other smart devices, and maintain your calendar. But some of the other conveniences they can handle involve personal data, like locating your phone, accessing bank account information, and calling your loved ones. All of this is accomplished by having a microphone ready to start recording at any given moment.
These days, new technological advents are a double-edged sword; they’re increasingly convenient, but also increasingly intrusive. That microphone recording your request to order take-out is also uploading it to a cloud server; a third party that is able to do what it wishes with that information.
Now, it would require a lot of data storage to record and save everything, all the time, so the device waits for a wake word to start listening. Your recording is then sent to the cloud to be translated by voice recognition software.
Amazon calls this the Alexa Voice Service, or AVS, which one can access and use to build your own voice assistant with a single-board computer like Raspberry Pi. That’s why the basic versions of the technology, like the Amazon Dot, that don’t include a Bluetooth speaker, can provide the technology so inexpensively; it’s basically just a microphone that sends your voice recordings to software in the cloud.
So, if the technology is that simple, doesn’t that leave it vulnerable to hackers? Yes, it does. In fact, there have been several different successful hacks that have forced Amazon to warn users of design flaws and vulnerabilities.
On Amazon’s pre-2017 technology, one programmer created a malware code that could be installed on Alexa-enabled devices to make it stream recorded conversations directly to his computer. This program was installed by physically removing the rubber bottom and soldering a connection between the device’s internal hardware, an SD card reader, and his laptop.
Though this particular connection would have been blatantly obvious to the person whose device was tapped, he said he would be able to create a 3D-printed plate that could be easily planted and go unnoticed with more time and development.
Amazon’s response? Don’t buy one of their devices from a third party. This might be the only advice needed for most consumers, but for those unfamiliar with the technology, they may be unwittingly spied on in public places where Amazon products are starting to be planted. Last year, the Wynne hotel in Las Vegas announced it would put Echoes in all of its rooms, while Amazon is adamantly targeting other hotel groups to do the same.
But that wasn’t the only instance of someone finding a security flaw in one of these speakers. Hackers have found a way to translate voice commands into high-frequency pitches able to be heard by Alexa but not by you – kind of like a dog whistle. Again, to use this hack you must be close to the speaker, though it’s much more reticent than having to install something.
While just about anything can be hacked by someone with enough know-how, there have been cases in which these devices have been recording everything as soon as they were turned on, straight from the factory. One tech blogger found his Google Home mini-speaker was recording and uploading his conversations without him saying the wake word. Google has since fixed this design oversight, but it goes to show just how easily it could “accidentally” happen.
Can Government Subpoena Your Voice Assistant?
The technology has only been available for a few years and already the police have tried to acquire a warrant to access recordings from one of these always-on devices. In a case in Arkansas, police sought access to an Amazon Echo in the home of a man convicted of murder.
The company refused to hand over the information and told police that there wouldn’t even be anything there unless the wake word was used to activate the device. Eventually, the defendant agreed to allow the police access to the Echo, from which they found no incriminating evidence, and the case was dropped.
But it wasn’t just the Amazon smart speaker that the police and prosecution hoped to find evidence in, it was also his smart water meter. Prosecutors pointed to a large amount of water used between 1-3 a.m., the time it was thought the defendant hosed down his porch to clean off blood from the victim. The defendant said the am/pm function wasn’t accurate and that he used that much water 12 hours earlier to fill the hot tub.
It’s this level of detail that our web of smart devices can unwittingly tell others about our activity. The use of a smart electric meter can even be used to see what television programs we’re watching by matching electricity fluctuations with the brightness of the screen. Essentially, each program creates a unique power signature, that can be matched to monitor your television habits.
Because these devices are recording data and uploading it to a third-party server, it can be made public or sold to advertisers who can calculate your habits with metadata. It’s unclear whether this type of intrusive data collection is actually being employed by many companies, but it’s highly likely. And as more and more of our appliances become part of the Internet of Things or IoT, every time you use them, data will be mined and analyzed in order to monitor your behavior.
The ACLU has proposed a set of rules and regulations that should be adhered to by law enforcement and other third parties for the protection of consumer privacy, though they haven’t been written into any legislation yet. It seems that unless we figure out a way to prevent the sharing of all this personal information from the use of smart utilities, we may be offering up access to every minute detail of our lives.
About the Author
The Reporter Who May Have Learned the Truth Behind JFK's Assassination
Few historical events have sparked as many conspiracy theories as the JFK assassination, but when one looks at the evidence regarding the Kennedys’ history with the country’s organized crime families, it’s hard not to see the mob’s culpability. At least that’s what best-selling author, researcher, and former criminal defense attorney Mark Shaw has detailed over the course of several books, including his most recent titled, “The Reporter Who Knew Too Much.”
The reporter Shaw is referring to is Dorothy Kilgallen, arguably the most famous female journalist of her era, known for a syndicated column in the New York Journal-American, a nationally broadcast CBS radio show listened to by millions, and her role as star panelist of the celebrity game show “What’s My Line?”
Kilgallen met an untimely death in 1965 while investigating a strong suspicion that members of the New Orleans mafia may have been behind JFK’s assassination. Fanning the flames of conspiracy further, Kilgallen’s reported cause of death — acute ethanol and barbiturate intoxication — was uncannily similar to that of Marilyn Monroe, whose alleged suicide has been questioned interminably.
According to Shaw’s research, Kilgallen was one of few people who connected Jack Ruby — the Dallas nightclub owner who murdered Lee Harvey Oswald — to Carlos Marcello, the “Godfather” of the New Orleans mafia. Knowing the Kennedy family’s complicated ties to various mob syndicates, Oswald’s history of living in New Orleans, and Ruby’s affiliations with the mob, Kilgallen followed her instinct. She also happened to be the sole reporter to interview Ruby at his trial, out of hundreds who were present.
In 1965, Kilgallen embarked on an investigative trip to Louisiana to test her hypothesis, bringing only a hairstylist along with her. However, she quickly told him to return to New York and not mention to anyone she was down there. Shaw says he believes she uncovered some damning evidence implicating Marcello’s involvement in the Kennedy assassination, which she quickly realized could cost her her life. Kilgallen returned to New York and planned a return trip to New Orleans to meet a confidential informant, but was found dead just weeks before she was supposed to leave. She described her plans to meet the informant on her second trip as “cloak and daggerish.”
The idea that the mafia was behind Kennedy’s assassination isn’t a new one. It was well known that the family’s patriarch, Joe P. Kennedy Sr. had a convoluted history with a number of well-known figures in organized crime. Kennedy Sr.’s business dealings in Chicago led to his acquaintance with famous mob boss Frank Costello, who claimed the two were involved in bootlegging operations during prohibition. Though Kennedy Sr. denied this connection, he continued to build his vast fortune through exclusive distribution rights for world-renowned brands of scotch and other imported liquors when prohibition ended.
