Is Your Smart Speaker Spying On You?
Those personal assistants everyone seems to be getting for their home are convenient voice-activated tools for an increasing number of tasks. But when Alexa and Google Home are constantly recording and uploading your voice to the cloud, a third-party server, you could potentially be exposing yourself to hackers, government intrusion, and corporate spying. Are these legitimate concerns or paranoid conspiracy?
Amazon Echo and Alexa
By now, almost everyone is familiar with Amazon’s voice-command personal assistant, Alexa – arguably better than Siri, but not quite as intuitive as HAL 9000, though that’s probably for the best. Since the technology was introduced in 2014, a number of iterations from Amazon and Google have been created to put smart speakers in the homes of every consumer.
These speakers are able to play your favorite song, order pizza, activate other smart devices, and maintain your calendar. But some of the other conveniences they can handle involve personal data, like locating your phone, accessing bank account information, and calling your loved ones. All of this is accomplished by having a microphone ready to start recording at any given moment.
These days, new technological advents are a double-edged sword; they’re increasingly convenient, but also increasingly intrusive. That microphone recording your request to order take-out is also uploading it to a cloud server; a third party that is able to do what it wishes with that information.
Now, it would require a lot of data storage to record and save everything, all the time, so the device waits for a wake word to start listening. Your recording is then sent to the cloud to be translated by voice recognition software.
Amazon calls this the Alexa Voice Service, or AVS, which one can access and use to build your own voice assistant with a single-board computer like Raspberry Pi. That’s why the basic versions of the technology, like the Amazon Dot, that don’t include a Bluetooth speaker, can provide the technology so inexpensively; it’s basically just a microphone that sends your voice recordings to software in the cloud.
So, if the technology is that simple, doesn’t that leave it vulnerable to hackers? Yes, it does. In fact, there have been several different successful hacks that have forced Amazon to warn users of design flaws and vulnerabilities.
On Amazon’s pre-2017 technology, one programmer created a malware code that could be installed on Alexa-enabled devices to make it stream recorded conversations directly to his computer. This program was installed by physically removing the rubber bottom and soldering a connection between the device’s internal hardware, an SD card reader, and his laptop.
Though this particular connection would have been blatantly obvious to the person whose device was tapped, he said he would be able to create a 3D-printed plate that could be easily planted and go unnoticed with more time and development.
Amazon’s response? Don’t buy one of their devices from a third party. This might be the only advice needed for most consumers, but for those unfamiliar with the technology, they may be unwittingly spied on in public places where Amazon products are starting to be planted. Last year, the Wynne hotel in Las Vegas announced it would put Echoes in all of its rooms, while Amazon is adamantly targeting other hotel groups to do the same.
But that wasn’t the only instance of someone finding a security flaw in one of these speakers. Hackers have found a way to translate voice commands into high-frequency pitches able to be heard by Alexa but not by you – kind of like a dog whistle. Again, to use this hack you must be close to the speaker, though it’s much more reticent than having to install something.
While just about anything can be hacked by someone with enough know-how, there have been cases in which these devices have been recording everything as soon as they were turned on, straight from the factory. One tech blogger found his Google Home mini-speaker was recording and uploading his conversations without him saying the wake word. Google has since fixed this design oversight, but it goes to show just how easily it could “accidentally” happen.
Can Government Subpoena Your Voice Assistant?
The technology has only been available for a few years and already the police have tried to acquire a warrant to access recordings from one of these always-on devices. In a case in Arkansas, police sought access to an Amazon Echo in the home of a man convicted of murder.
The company refused to hand over the information and told police that there wouldn’t even be anything there unless the wake word was used to activate the device. Eventually, the defendant agreed to allow the police access to the Echo, from which they found no incriminating evidence, and the case was dropped.
But it wasn’t just the Amazon smart speaker that the police and prosecution hoped to find evidence in, it was also his smart water meter. Prosecutors pointed to a large amount of water used between 1-3 a.m., the time it was thought the defendant hosed down his porch to clean off blood from the victim. The defendant said the am/pm function wasn’t accurate and that he used that much water 12 hours earlier to fill the hot tub.
It’s this level of detail that our web of smart devices can unwittingly tell others about our activity. The use of a smart electric meter can even be used to see what television programs we’re watching by matching electricity fluctuations with the brightness of the screen. Essentially, each program creates a unique power signature, that can be matched to monitor your television habits.
Because these devices are recording data and uploading it to a third-party server, it can be made public or sold to advertisers who can calculate your habits with metadata. It’s unclear whether this type of intrusive data collection is actually being employed by many companies, but it’s highly likely. And as more and more of our appliances become part of the Internet of Things or IoT, every time you use them, data will be mined and analyzed in order to monitor your behavior.
The ACLU has proposed a set of rules and regulations that should be adhered to by law enforcement and other third parties for the protection of consumer privacy, though they haven’t been written into any legislation yet. It seems that unless we figure out a way to prevent the sharing of all this personal information from the use of smart utilities, we may be offering up access to every minute detail of our lives.
Removing Smart Meters
Mysterious Booms Heard Around the World Leaving People Perplexed
In recent years, there have been hundreds of reported cases of startling, deafening booms that have shaken entire cities across the globe. Some say the noises have terrified them and their pets, or that the mysterious booms sound as if they’re coming from their own living rooms.
Others give more colorful analogies, describing the booming as someone firing a cannonball off a boat. But one thing is for sure: many people are experiencing earth- and house-shaking booms that defy explanation — and there are a multitude of guesses as to what’s causing them.
Loud Booms Heard Around the World
Though reports of mysterious booms have not been broadcast on national television, stories of them have been echoing through a network of communities. The penetrating sounds have been heard all times of the day and night, and residents of the areas impacted have flooded 9-1-1 dispatches, as well as local television and radio stations, with accounts of being scared out of bed — and trying to get to the bottom of whatever it is that’s disturbing the peace and setting off car alarms.
According to one report on March 26, 2019, a loud boom heard across several counties in the Piedmont Triad area of North Carolina was massive enough to register on seismographs. The explanation? Authorities attributed it to an earthquake.
But a few months prior to the North Carolina events, similar loud booms occurred not too far away, in Maryville, Tennessee, as well. Experts at the United States Geological Society (USGS) initially concluded that the booms were earthquakes, but later changed their minds and reported that they were caused by a nearby quarry blast.
Later, USGS authorities again changed their story and declared that the sound was the result of an earthquake caused by a quarry blast. And then, Carl VanHoozier, Community Relations Manager at Vulcan Materials Company, informed Knoxville’s WVLT News that a quarry blast couldn’t have caused such a ruckus.
Next, Robert Hatcher, PhD, University of Tennessee’s distinguished professor of geology, came to the fore and told WVLT News that the earthquake idea was nonsense. He said, “‘Usually a rumble, people who have been in earthquakes describe the noise as a train that comes in. It’s a rumble that comes in, that’s the earthquake’s way of coming through the earth. And so you hear a rumble, there’s not a boom or something like that.’”