A Creeping World of Voice-Enabled Cloud Surveillance


We live in a world where Amazon will “use stocking stuffers to take over your home,”  in the words of a CNET article, on the same week FBI director James Comey defends putting tape over his computer's webcam.   What is wrong with this picture?   We are on a steep (and getting rapidly steeper) slope to a cloud-enabled world of surveillance, the dark side (with apologies to The Dark Web) of an always-on, always listening world of voice-enabled devices.

Let's examine the unwritten threat of Amazon's Echo Dot at a mere $49.95 or “Buy 5... get one free.”  Amazon wants you to load up on the little hands-free “voice control” speakers for you to start and adjust music and control the smart devices throughout your home without lifting a finger.   Get the six pack at around $250 and you can cover most or all of the house.

The Echo Dot is a marvel of technology, incorporating an array of seven microphones and a powerful processor to hear questions from any direction “even in noisy environments or while playing music.”

It's always listening.  That's not creepy, right?  Not unless you think about it, mind you. Maybe I'm thinking too much.  Or listening to too much Rockwell. Maybe James Comey and I have the same earworm problem.  

“The more you use Dot, the more it adopts to your speech patterns, vocabulary, and personal preferences,” proclaims Amazon's web page, all to improve Amazon's Alexa speech recognition engine. “And because Echo Dot is always connected” – emphasis mine – “[software] updates are delivered automatically.”

Echo Dot also has “skills” in the form of adding capabilities from third-parties – an area that Apple could have owned with Siri if it hadn't been so blinded by being in love with its own walled-garden mentality.  You can ask Alexa to order an Uber ride, send someone flowers, get pizza, and get your account balance from Capital One bank, just to name a few of the “thousands” of skills available in the Alexa app.   

Adding “skills” is also a big vulnerability, because Alexa becomes a sweet spot for third-party interception of one's personal data, with the spot becoming more attractive the more “skills” an individual adds.

Always-on listening isn't a “new” threat. Most new cell phone models have a low-powered always-on mode to trigger the personal assistant, but the twin Achilles heels for using the phone as a spy microphone are data and battery life – sooner or later you might notice you are going over your data plan way to easily or, if you are with T-Mobile, you are just running through battery too often.

In-home devices don't have those warning flags. Some of Samsung's more expensive Smart TV models were called out earlier this year as having the potential for being a home privacy risk by always listening and feeding the voice input to a third party cloud (Nuance) for processing.  You can turn off the always-listening feature, but such opt-in privacy always strikes me as a bit of a failure.

Consider two scenarios - legal intercept and black hat mischief.  The FBI wants more information on a person of interest and it knows a suspected Bad Actor is tech crazy and security blind.  It gets a court order to tap into the always-on voice stream from all the devices in the household, so Amazon and Nuance get letters that are some extension of CALEA or something else.

 In theory, there are legal checks-and-balances to prevent abuse of lawful intercept, but the reality is law enforcement and national security agencies tend to err on the side of more data collection.  The more pragmatic Big Data check to Big Brother is if everyone starts flooding servers with data, data sets grow so large that it becomes expensive to monitor everyone all the time – there aren't enough federal agents in the day to dig through what Joe Citizen is or isn't doing at any particular minute.

However, if you are a Person of Interest to a hacker, all bets are off.  Samsung TV and Alexa become tools to gather information. (Note to self - Ask Alex Baldwin if he's had a cybersecurity audit recently if he's got Alexa in all his homes). The question becomes where and when can a hacker intercept this flow of information and what types of resources are available to evaluate it.  Interception of voice might occur through duplicating streaming audio before it reaches a cloud-processing site – especially if encryption is not involved – or be more one-stop shopping if the third-party's collection, storage, and processing capabilities are compromised through a back door or inside employee.

Is this crazy?  The director of the FBI and Mark Zuckerberg are putting tape over their webcams.   I'm willing to bet they aren't running out to fill their homes with Alexa and other always-on home devices.  Should you worry?  I don't know. What do you have of interest to someone else?

Edited by Alicia Young

Contributing Editor

Related Articles

Is Your Home Network Safe from Hackers?

By: Special Guest    8/7/2020

You probably have more devices connected to your home network every year -- TVs, robot vacuums, smart home devices, smart lights, smart thermostats, a…

Read More

Cybersecurity must be at the centre of your cloud strategy

By: Special Guest    8/7/2020

NZ is becoming increasingly aware of the risks from cyber attacks. The security alliance with Five Eyes and protection from multinational cybersecurit…

Read More

Turning Data into Stories with Natural Language Generation

By: Erik Linask    7/29/2020

Arria's NLG technology takes the burden of storytelling from data analysts by using artificial intelligence to turn data into narrative.

Read More

Benefits of using bitcoins for business

By: Special Guest    7/29/2020

Bitcoin is a digital cryptocurrency that is used by many people to make payments. Indeed, online retail stores are accepting bitcoins as a mode of pay…

Read More

Intelligent Defect Inspection: How Computer Vision Enhances Quality Control

By: Special Guest    7/28/2020

Business competition pressures manufacturers to produce faster, reduce expenses, and increase efficiencies. But all these requirements run into the qu…

Read More