Amazon sold more than 10 million voice-activated smart speakers in the first three months of 2022 alone – but certain features fall under the remit of third-party providers and could threaten consumer privacy, a cybersecurity firm claims.
Smart speakers are intended as a seamless addition to the home, but that smoothness of function may come at the expense of user privacy, VPNOverview is warning.
“A common misconception is that when users interact with their smart speaker, they assume their data is only collected by first-party developers – Amazon, Google, Apple and so on,” said the company.
But in fact, some of the command functions and other smart skills of Amazon’s speakers are created by third-party developers, presenting consumers with risk when they download these onto their devices. This can include personally identifying data such as account details, it added.
“Some of these third-party skills are not thoroughly moderated compared to skills provided by the manufacturer,” said VPNOverview. “Therefore this can become a gateway for hackers leading to leaks of information, as well as potential eavesdropping.”
“I think there’s been some misunderstanding…”
Moreover, smart speakers can sometimes misinterpret spoken command words, leading to their being turned on or off without the owner realizing – this could lead to awkward messages or calls, or even items being purchased without user knowledge or consent.
“Smart speakers have the ability to purchase items,” said VPNOverview. “This is why Amazon’s Alexa is very popular in kitchens and pantries, as you can purchase household items as and when they run out.”
It added: “By design, smart speakers are ‘always on’ awaiting for its command word. Though there is an option to manually wake the device, this takes away from its purpose and convenience. Smart speakers can misinterpret certain words or phrases as their wake word, ultimately taking action from what was said.”
“Alexa, buy my friend something they don’t want”
Further security risks are posed because, theoretically, anyone – for instance, a mischievous or unscrupulous visitor – can use Alexa and other similar devices to make purchases simply by ordering them to do so.
“One way to deal with this is by making sure two-factor authorisation or two-step verification is enabled on your device,” said VPNOverview. “This will send a code to your phone via text or via an authenticator application, providing an added layer of security for users.”
Amazon dominates a market that saw 30 million smart speakers sold globally in the first quarter of 2022, with Google and Apple shipping six million and four million, respectively.
More from Cybernews:
Subscribe to our newsletter