A Creeping World of Voice-Enabled Cloud Surveillance

By

We live in a world where Amazon will “use stocking stuffers to take over your home,”  in the words of a CNET article, on the same week FBI director James Comey defends putting tape over his computer's webcam.   What is wrong with this picture?   We are on a steep (and getting rapidly steeper) slope to a cloud-enabled world of surveillance, the dark side (with apologies to The Dark Web) of an always-on, always listening world of voice-enabled devices.

Let's examine the unwritten threat of Amazon's Echo Dot at a mere $49.95 or “Buy 5... get one free.”  Amazon wants you to load up on the little hands-free “voice control” speakers for you to start and adjust music and control the smart devices throughout your home without lifting a finger.   Get the six pack at around $250 and you can cover most or all of the house.

The Echo Dot is a marvel of technology, incorporating an array of seven microphones and a powerful processor to hear questions from any direction “even in noisy environments or while playing music.”

It's always listening.  That's not creepy, right?  Not unless you think about it, mind you. Maybe I'm thinking too much.  Or listening to too much Rockwell. Maybe James Comey and I have the same earworm problem.  

“The more you use Dot, the more it adopts to your speech patterns, vocabulary, and personal preferences,” proclaims Amazon's web page, all to improve Amazon's Alexa speech recognition engine. “And because Echo Dot is always connected” – emphasis mine – “[software] updates are delivered automatically.”

Echo Dot also has “skills” in the form of adding capabilities from third-parties – an area that Apple could have owned with Siri if it hadn't been so blinded by being in love with its own walled-garden mentality.  You can ask Alexa to order an Uber ride, send someone flowers, get pizza, and get your account balance from Capital One bank, just to name a few of the “thousands” of skills available in the Alexa app.   

Adding “skills” is also a big vulnerability, because Alexa becomes a sweet spot for third-party interception of one's personal data, with the spot becoming more attractive the more “skills” an individual adds.

Always-on listening isn't a “new” threat. Most new cell phone models have a low-powered always-on mode to trigger the personal assistant, but the twin Achilles heels for using the phone as a spy microphone are data and battery life – sooner or later you might notice you are going over your data plan way to easily or, if you are with T-Mobile, you are just running through battery too often.

In-home devices don't have those warning flags. Some of Samsung's more expensive Smart TV models were called out earlier this year as having the potential for being a home privacy risk by always listening and feeding the voice input to a third party cloud (Nuance) for processing.  You can turn off the always-listening feature, but such opt-in privacy always strikes me as a bit of a failure.

Consider two scenarios - legal intercept and black hat mischief.  The FBI wants more information on a person of interest and it knows a suspected Bad Actor is tech crazy and security blind.  It gets a court order to tap into the always-on voice stream from all the devices in the household, so Amazon and Nuance get letters that are some extension of CALEA or something else.

 In theory, there are legal checks-and-balances to prevent abuse of lawful intercept, but the reality is law enforcement and national security agencies tend to err on the side of more data collection.  The more pragmatic Big Data check to Big Brother is if everyone starts flooding servers with data, data sets grow so large that it becomes expensive to monitor everyone all the time – there aren't enough federal agents in the day to dig through what Joe Citizen is or isn't doing at any particular minute.

However, if you are a Person of Interest to a hacker, all bets are off.  Samsung TV and Alexa become tools to gather information. (Note to self - Ask Alex Baldwin if he's had a cybersecurity audit recently if he's got Alexa in all his homes). The question becomes where and when can a hacker intercept this flow of information and what types of resources are available to evaluate it.  Interception of voice might occur through duplicating streaming audio before it reaches a cloud-processing site – especially if encryption is not involved – or be more one-stop shopping if the third-party's collection, storage, and processing capabilities are compromised through a back door or inside employee.

Is this crazy?  The director of the FBI and Mark Zuckerberg are putting tape over their webcams.   I'm willing to bet they aren't running out to fill their homes with Alexa and other always-on home devices.  Should you worry?  I don't know. What do you have of interest to someone else?




Edited by Alicia Young
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Contributing Editor

SHARE THIS ARTICLE
Related Articles

How Technology Has Affected eCommerce?

By: Contributing Writer    6/8/2023

Today, the eCommerce sector is still growing and for a good reason. The fact of the matter is the modern technology keeps evolving and reshaping how c…

Read More

The Ambidexterity in Digital Transformation

By: Lenildo Morais    6/8/2023

There are two ways of distinguishing digital transformation: representative and generative digital transformation. Digital ambidexterity embraces both…

Read More

As Open Source on the Mainframe Continues to Gain Popularity, Linux Foundation Announces Call for Papers

By: Arti Loftus    6/8/2023

The Linux Foundation's Open Mainframe Project has announced the launch of Call for Proposals (CFPs) for its 4th annual Open Mainframe Summit.

Read More

Jumio Unmasks the Deceptive World of Deepfakes

By: Greg Tavarez    6/7/2023

Jumio, a provider of automated identity proofing solutions, recently released its 2023 Online Identity Study to shed light on the potential risks pose…

Read More

A Boost to Enterprise Printing: ThinPrint Launches New Print Management Solution

By: Alex Passett    6/6/2023

The latest iteration to ThinPrint's solutions portfolio is ThinPrint 13. It features V4 printer driver support, cost-saving options, a PowerShell exte…

Read More