Some people believe that Alexa is listening all the time. This is true. Some people believe that Alexa records every word for posterity. This is false. Some people believe that having an Amazon Echo increases their risk of being hacked. This is also false. But, there’s more to the story.
For a solid overview of Alexa Voice Services (AVS), which is the underlying technology for Amazon’s Echo products, please read my essay: Just How Dangerous Is Alexa? It explains how voice-enabled smart speakers work and should help you frame your own thesis about Automatic Speech Recognition (ASR) and Natural Language Understanding (NLU) and Natural Language Processing (NLP).
Someone Found a Bug
A woman named Danielle recently contacted Amazon after an employee of her husband received audio recordings of private conversations from Danielle’s home.
Danielle, who had AVS-enabled devices in every room of her home and used them as her Smart Home hub, repeatedly called Amazon until an Alexa engineer investigated the matter.
“They said ‘Our engineers went through your logs, and they saw exactly what you told us, they saw exactly what you said happened, and we’re sorry.’ He apologized like 15 times in a matter of 30 minutes and he said we really appreciate you bringing this to our attention, this is something we need to fix!”
Amazon’s Explanation and Reaction
Amazon investigated, and the company explained what happened:
Echo woke up due to a word in background conversation sounding like “Alexa.” Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud “To whom?” At which point, the background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, “[contact name], right?” Alexa then interpreted background conversation as “right”. As unlikely as this string of events is, we are evaluating options to make this case even less likely.”
Amazon offered to “deprovision” Danielle’s Alexa communications, meaning that Danielle and her husband could still use the devices to control their Smart Home. Danielle, however, asked Amazon for a full refund for all of her devices.
This is not the first time a smart speaker has misinterpreted what it perceives from the world around it. You may remember a Google Home commercial accidentally activated Google Home devices around the world during the 2017 Super Bowl. Amazon responded to this incident by inventing (and patenting) a way for Echo to ignore the word “Alexa” ahead of its 2018 Super Bowl commercial.
These issues arise in spite of the fact that NLP systems are becoming increasingly more accurate. Less than two years ago, voice recognition sat in the 92 to 94% accuracy range. In the past year, Microsoft reduced its error rate to 5.1%. Google claims an error rate of 4.9%, but it may be using different testing approaches.
How Secure Is Alexa?
Besides mishearing wake words and not understanding your commands, Amazon’s Echo devices have a history of security blips and other worrying behaviors. Here are a few:
- Researchers found that “dolphin attacks,” audio played at a frequency inaudible to the human ear, can control smart devices without their owners being aware.
- Smart devices can be used as spy tools for law enforcement.
- Wired discovered that turning an Echo into a spy device only takes some “clever coding.”
- People have complained about a “sinister” laugh coming from Alexa. (Spooky!)
According to Amazon, all of your spoken commands are stored as text in Amazon’s cloud. You can see your history in the Alexa app. Unless you opt out, Google stores a history of every interaction you have with Google from every device. Facebook has your complete Facebook history. Every website or app you’ve ever visited or used has the ability to keep a record of every interaction you’ve ever had with it. Honestly, there’s nothing new here. Nothing.
Could Hackers Get Your Alexa History?
Hackers can get anything they set their minds to. Anything that can be hacked will be hacked.
If law enforcement served Amazon with a warrant to obtain your AVS records, the time stamps of the commands could place someone (not necessarily you because, at the moment, Alexa does not recognize who is speaking) at the scene of a crime or help an investigator put together a theory of a case. But this can be done with any or all of your digital interactions—credit cards, phone, computer, etc.
What Happens Next?
In spite of these worries and security risks, smart speakers, led by Amazon’s Echo products (with over 22M units sold last year), are on pace to be found in over 55% of US households by 2021 and are becoming the fastest-adopted consumer electronics devices, reaching a 50% penetration in just 3.5 years. (The smartphone took 5 years.) It’s projected that Echo devices will generate $7B in retail sales by 2020.
If you’re really paranoid, don’t buy an Echo or any smart speaker. That way, you’ll only have to worry about your smartphone spying on you … and your laptop … and your TV … and your microwave … and don’t forget government satellites and your run-of-the-mill James-Bond-Cold-War-Era, wiretaps, and laser-based eavesdropping tools … Just because you’re paranoid doesn’t mean they aren’t after you.
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it.