Are Voice-Enabled Devices Prioritizing Convenience Over Security?

Are Voice-Enabled Devices Prioritizing Convenience Over Security?

Are voice-enabled devices making you more vulnerable to cyberattack?

Your voice is unique, so it should be secure, right? Not if hackers have something to say about it.

Voice has become an integral part of our modern lives with nearly half of Americans using digital assistants. But as voice assistants bring convenience, are they also bringing security issues along with them? Without the proper protections in place, if you can access your phone, home or car with your voice, hackers could do the same.

I was interested in how the rise of voice-assistant-equipped cars, locks and phones makes for a hackers playground, so I asked Monique Becenti, product and channel specialist at SiteLock, about the risks of voice technology as well as best practices for using voice-enabled security features.

What are the potential security consequences of the rise in voice-enabled technology for unlocking homes and cars?

The safety of an individual could be at risk when using voice-enabled technology, like Amazon Alexa, to secure their homes or start their car. For example, an attacker could exploit a vulnerability in a voice-enabled front door lock and go as far as to steal a homeowner’s valuable belongings.

How can hackers get access to the consumer voices used to unlock these devices? How can bad actors exploit consumer voices?

Cybercriminals can exploit vulnerabilities found within the firmware installed on voice-enabled technology to gain access without ever using an individual’s voice. This can be done through undetected commands embedded within white noise to exploit a voice-enabled device, such as unlocking the user's car. Even more alarming, attackers may target specific victims by secretly recording a sample of their voice and playing it back to unlock the system. As a best practice, users should be aware of their surroundings when using any voice-enabled technology to ensure their safety. Additionally, users should change the default settings and password, implement two-factor authentication, and enable SSL encryption to ensure their security on the physical device.

What security issues come along with other types of smart home devices?

Smart home devices are vulnerable to security issues and could be used in larger distributed denial of service (DDoS) attacks if they’re not properly secured. For example, while under a DDoS attack, a victim’s door locks and security cameras could be rendered completely inoperable. These safety concerns could be mitigated with stronger security policies, starting at the manufacturer. This would also force developers to focus on security protocols—such as, secure firmware and the capability to perform security updates—during the design stage.

What are some best practices for protecting connected devices from hackers and how can consumers balance the convenience of voice and connected technology with the risks?

Consumers should always proceed with caution when using voice-enabled devices. Balancing convenience with security risks is possible if consumers are diligent in researching their devices before purchasing. For starters, consumers should ensure the device’s firmware has the capability to be updated in the event a security vulnerability. Another easy way is by reviewing the manufacturer's security policy and website for any bad reviews or negative press regarding the product’s security. Finally, consumers should know and understand how to take action if their security is compromised. For example, a manufacturer could be held liable if a user’s safety is proven to be compromised due to an attacker exploiting a vulnerability or if the voice command feature was faulty.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Freedom of Choice

    In today's security landscape, we are witnessing a fundamental transformation in how organizations manage digital evidence. Law enforcement agencies, campus security teams, and large facility operators face increasingly complex challenges with expanding video data, tightening budget constraints and inflexible systems that limit innovation. Read Now

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • Midtown Manhattan Shooting Kills 4, Including NYPD Officer

    Four people were killed, including a NYPD officer, in a midtown Manhattan shooting on Monday. That’s according to CNN. Read Now

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities