Living in the Internet of Things (IoT) era means homes are becoming more accessible and comfortable; however, with these advances, the complexity and scope of potential threats to home security have also grown. One device raising eyebrows within the security industry is the 'smart speaker,' such as Amazon Echo (Alexa), Google Home, and Apple's HomePod (Siri).
The Booming Threat: An Insight into Smart Speaker Vulnerabilities
These smart speakers have become commonplace in homes worldwide, providing a wide range of in-home convenience, from automating mundane tasks to providing near-instantaneous access to a wealth of knowledge. But every silver lining has a cloud. One significant concern with modern smart speakers is the lack of a default voice verification system. This security issue means the devices will accept commands from any voice as long as it is intelligible, casting an open invitation to potential bad actors. Because an attacker does not need to clone the victim's voice, it's relatively easy to manipulate these devices.
Understanding How Smart Speaker Attacks Work
The way this attack happens is simple but should not be taken lightly. Attackers don't need to get inside your home to determine what kind of smart speaker you have. They stand outside your house, even from the other side of doors or windows, and play around with different 'wake words' – the words that start up your smart speaker.
They use a simple tool, a portable loudspeaker, to ensure their commands are loud enough for your smart speaker to hear and follow. In tests, voices at 65 decibels (around the level of a normal conversation) don't always get through doors or windows. But with a louder, male-sounding voice at about 85 decibels (this would be like standing next to a running blender or noisy traffic), their success rate in making the smart speaker do what they want is a worrying 100%.
Unwelcome Commands: Audio Injections
Here's what's alarming about having these smart speakers all around us and linked to our home security systems. People with bad intentions can slip in commands, or 'audio injections,' that cause serious safety issues. These commands can switch off the alarm system or even unlock your front door, giving these people an easy way inside your once-secure home. The most troubling bit is that intruders can make their way into your house not by using traditional break-in tools but by saying things like "Hey Google/Alexa, disarm" or "Hey Google/Alexa, unlock the front door."
Practical Steps to Mitigate Risks
Yes, these smart speakers have some security issues. But don't worry, there are things you can do to keep your home safe. To stop these voice-controlled attacks, you can make some changes to your house and think about where you put your smart speakers.
One good idea is to use certain materials when you build or fix up your house. Things like concrete blocks or a double layer of drywall can help block sound from outside, including voices. These materials have Sound Transmission Class (STC) ratings of 50 or higher, which means they're good at stopping sound. You can also use materials made specifically for blocking sound in your walls, windows, or doors.
Another thing that can really make a difference is where you put your smart speakers. Even though it might be handy to have them near windows or the main entrance, those spots make it easier for outside voices to take control. By placing your speakers away from these areas, you add an extra level of security.
So, even though the digital world has given us smart speakers, they do come with some risks. It's important that everyone, whether you own your home or are renting, knows why these smart speakers can be a risk and what you can do about it. But if you're smart about where you place these speakers and what your home is made of, you can enjoy the extra help these devices give you while still keeping your home safe and sound.