A Creeping World of Voice-Enabled Cloud Surveillance

By Doug Mohney September 16, 2016

We live in a world where Amazon will “use stocking stuffers to take over your home,” in the words of a CNET article, in the same week FBI director James Comey defends putting tape over his computer's webcam. What is wrong with this picture? We are on a steep (and getting rapidly steeper) slope to a cloud-enabled world of surveillance, the dark side (with apologies to The Dark Web) of an always-on, always listening world of voice-enabled devices.

Let's examine the unwritten threat of Amazon's Echo Dot at a mere $49.95 or “Buy 5... get one free.”  Amazon wants you to load up on the little hands-free “voice control” speakers for you to start and adjust music and control the smart devices throughout your home without lifting a finger.   Get the six pack at around $250 and you can cover most or all of the house.

The Echo Dot is a marvel of technology, incorporating an array of seven microphones and a powerful processor to hear questions from any direction “even in noisy environments or while playing music.”

It's always listening.  That's not creepy, right?  Not unless you think about it, mind you. Maybe I'm thinking too much.  Or listening to too much Rockwell. Maybe James Comey and I have the same earworm problem.  

“The more you use Dot, the more it adapts to your speech patterns, vocabulary, and personal preferences,” proclaims Amazon's web page, all to improve Amazon's Alexa speech recognition engine. “And because Echo Dot is always connected” – emphasis mine – “[software] updates are delivered automatically.”

Echo Dot also has “skills” in the form of adding capabilities from third parties – an area that Apple could have owned with Siri if it hadn't been so blinded by being in love with its own walled-garden mentality. You can ask Alexa to order an Uber ride, send someone flowers, get pizza, and get your account balance from Capital One bank, just to name a few of the “thousands” of skills available in the Alexa app.

Adding “skills” is also a big vulnerability, because Alexa becomes a sweet spot for third-party interception of one's personal data, with the spot becoming more attractive the more “skills” an individual adds.

Always-on listening isn't a “new” threat. Most new cell phone models have a low-powered always-on mode to trigger the personal assistant, but the twin Achilles heels for using the phone as a spy microphone are data and battery life – sooner or later you might notice you are going over your data plan way too easily or, if you are with T-Mobile, you are just running through battery too often.

In-home devices don't have those warning flags. Some of Samsung's more expensive Smart TV models were called out earlier this year as having the potential for being a home privacy risk by always listening and feeding the voice input to a third-party cloud (Nuance) for processing. You can turn off the always-listening feature, but such opt-in privacy always strikes me as a bit of a failure.

Consider two scenarios - legal intercept and black hat mischief.  The FBI wants more information on a person of interest and it knows a suspected Bad Actor is tech crazy and security blind.  It gets a court order to tap into the always-on voice stream from all the devices in the household, so Amazon and Nuance get letters that are some extension of CALEA or something else.

In theory, there are legal checks-and-balances to prevent abuse of lawful intercept, but the reality is law enforcement and national security agencies tend to err on the side of more data collection. The more pragmatic Big Data check to Big Brother is if everyone starts flooding servers with data, data sets grow so large that it becomes expensive to monitor everyone all the time – there aren't enough federal agents in the day to dig through what Joe Citizen is or isn't doing at any particular minute.

However, if you are a Person of Interest to a hacker, all bets are off.  Samsung TV and Alexa become tools to gather information. (Note to self - Ask Alex Baldwin if he's had a cybersecurity audit recently if he's got Alexa in all his homes). The question becomes where and when can a hacker intercept this flow of information and what types of resources are available to evaluate it.  Interception of voice might occur through duplicating streaming audio before it reaches a cloud-processing site – especially if encryption is not involved – or be more one-stop shopping if the third-party's collection, storage, and processing capabilities are compromised through a back door or inside employee.

Is this crazy?  The director of the FBI and Mark Zuckerberg are putting tape over their webcams.   I'm willing to bet they aren't running out to fill their homes with Alexa and other always-on home devices.  Should you worry?  I don't know. What do you have of interest to someone else?

Edited by Alicia Young

Contributing Editor
