Are Voice-Enabled Devices Prioritizing Convenience Over Security?

Are voice-enabled devices making you more vulnerable to cyberattack?

• By Sydny Shepard
• Apr 16, 2019

Your voice is unique, so it should be secure, right? Not if hackers have something to say about it.

Voice has become an integral part of our modern lives with nearly half of Americans using digital assistants. But as voice assistants bring convenience, are they also bringing security issues along with them? Without the proper protections in place, if you can access your phone, home or car with your voice, hackers could do the same.

I was interested in how the rise of voice-assistant-equipped cars, locks and phones makes for a hackers playground, so I asked Monique Becenti, product and channel specialist at SiteLock, about the risks of voice technology as well as best practices for using voice-enabled security features.

What are the potential security consequences of the rise in voice-enabled technology for unlocking homes and cars?

The safety of an individual could be at risk when using voice-enabled technology, like Amazon Alexa, to secure their homes or start their car. For example, an attacker could exploit a vulnerability in a voice-enabled front door lock and go as far as to steal a homeowner’s valuable belongings.

How can hackers get access to the consumer voices used to unlock these devices? How can bad actors exploit consumer voices?

Cybercriminals can exploit vulnerabilities found within the firmware installed on voice-enabled technology to gain access without ever using an individual’s voice. This can be done through undetected commands embedded within white noise to exploit a voice-enabled device, such as unlocking the user's car. Even more alarming, attackers may target specific victims by secretly recording a sample of their voice and playing it back to unlock the system. As a best practice, users should be aware of their surroundings when using any voice-enabled technology to ensure their safety. Additionally, users should change the default settings and password, implement two-factor authentication, and enable SSL encryption to ensure their security on the physical device.

What security issues come along with other types of smart home devices?

Smart home devices are vulnerable to security issues and could be used in larger distributed denial of service (DDoS) attacks if they’re not properly secured. For example, while under a DDoS attack, a victim’s door locks and security cameras could be rendered completely inoperable. These safety concerns could be mitigated with stronger security policies, starting at the manufacturer. This would also force developers to focus on security protocols—such as, secure firmware and the capability to perform security updates—during the design stage.

What are some best practices for protecting connected devices from hackers and how can consumers balance the convenience of voice and connected technology with the risks?

Consumers should always proceed with caution when using voice-enabled devices. Balancing convenience with security risks is possible if consumers are diligent in researching their devices before purchasing. For starters, consumers should ensure the device’s firmware has the capability to be updated in the event a security vulnerability. Another easy way is by reviewing the manufacturer's security policy and website for any bad reviews or negative press regarding the product’s security. Finally, consumers should know and understand how to take action if their security is compromised. For example, a manufacturer could be held liable if a user’s safety is proven to be compromised due to an attacker exploiting a vulnerability or if the voice command feature was faulty.