11.07.19

How to safely manage your voice-controlled gadgets

Devices with voice recognition became much more common throughout the 2010s. The addition of Siri to the iPhone 4S in 2011 spurred major competition among tech vendors looking to put voice-powered assistants at the center of how end users interact with their phones, tablets, speakers and smart TVs. Google Assistant and Amazon Alexa, among others, joined the race and are now ubiquitous.

Voice controls

If you’re concerned about what data a device such as a smart speaker is collecting and retaining, you can review the recordings for your Amazon Alexa or Google Home device online.

Voice controls make it more convenient to perform certain tasks that would otherwise require more complicated input. For example, having to type out a long search query with a TV remote is tedious, while simply speaking the same search takes only a few seconds. Similar ease of use applies to finding and playing specific songs or playlists and controlling various Internet of Things (IoT) devices such as connected light bulbs.

However, there is some added cybersecurity risk from all of this new reliance on voice commands. Anyone who has picked up an iPhone and long-pressed its home or sleep/wake button knows that doing so will activate Siri and allow for immediate actions without having to enter its PIN or provide biometric authentication. Moreover, many connected devices are constantly listening in the background for keywords – a major privacy concern.

Let’s look at what you should be aware of when using voice recognition technology, as well as what you can do to stay safe.

Your device is listening to you, but waiting for its wake word

“OK Google.” “Hey Siri.” “Alexa.” These are known as “wake words” because they alert a voice-controlled device to begin interpreting your command. Some devices, like the Apple TV remote, also have a button to initiate this process. Before you say the magic words, though, the device is listening in the background to ensure it can hear the appropriate triggers. Normally, this isn’t a problem, although software errors have resulted in recordings being initiated too early.

You can review and delete your Amazon Alexa and Google Home recordings

If you’re concerned about what data a device such as a smart speaker is collecting and retaining, you can review the recordings for your Amazon Alexa or Google Home device online. Both platforms provide an option to listen to and delete those records, which might be a good idea since they could potentially be breached or even used in a legal proceeding if they were still intact.

You can disable a device’s microphone or ability to make purchases

These two actions can enhance privacy and security. Devices may have a button or software setting that turns off their mics, in which case they won’t respond to wake words or be vulnerable to background chatter that might be misinterpreted as commands. On Amazon Alexa devices, it’s also possible to disable purchasing by voice or to require a numeric PIN for any attempted transaction. Apple devices can also be configured to require TouchID or FaceID for purchases. Such features should be enabled if you’re concerned about kids ordering items online.

You can protect your connected accounts with two-factor authentication

Whether you rely on Siri, Google Assistant, Amazon Alexa or some combination thereof, each of the devices in question is likely connected to a personal account. It’s a good idea to configure two-factor authentication (2FA) for these accounts so that someone can’t easily log into them and see your voice interaction history. With 2FA enabled, each login attempt requires a credential like an SMS code in addition to a correct username and password.

Total Defense can provide extra peace of mind for your online presence through solutions such as Ultimate Internet Security. Learn more on the main product page, and be sure to check out our security tips of the day, too.