A US woman has complained of feeling invaded after a private home conversation was recorded by her Amazon’s Alexa voice assistant, and then sent it to a random phone contact … who happened to be her husband’s employee.
What did Alexa do?
As first reported by US news outlet KIRO 7, the woman identified only as ‘Danielle’ had a conversation about hardwood flooring in the privacy of her own home in Portland, Oregon. Unknown to her, however, in a serious security flaw, her Amazon’s voice assistant Alexa, via her Amazon Echo, not only recorded a seemingly ‘random’ conversation, but then sent the voice recording to a random phone contact without being expressly asked to do so.
The woman was only made aware that she had been recorded when she was contacted by her husband’s employee, who lives over 100 miles away in Seattle, who was able to tell her the subject of her recent conversation.
How Could It Have Happened?
Last year Amazon introduced a service whereby Amazon Echo users could sign up to the Alexa Calling and Messaging Service from the Alexa app. This means that all of the contacts saved to your mobile phone are linked to Alexa automatically, and you can call and message them using voice commands via your Echo.
In the case of the woman from Portland, Amazon has reportedly explained the incident as being the result of an “unlikely” string of events which were that:
- Her Alexa started recording her voice after it registered as hearing its name or another “wake word” (chosen by users)
- Subsequently, in the following conversation (about hardwood floors), Alexa registered part of the recorded conversation as being a ‘send message’ request
- Alexa would / should have said at that point, out loud, ‘To whom?’
- It is believed that Alexa then interpreted part of the background conversation as a name in the woman’s phone contact list
- The selected contact was then sent a recorded message of the private conversation
Investigated
The woman requested a refund for her voice assistant device, saying that she felt invaded.
Amazon has reportedly apologised for the incident, has investigated what happened, and has determined that the flaw was an extremely rare occurrence. Amazon is, however, reported to be taking steps to avoid this from happening in the future.
Not The First Time
Amazon’s intelligent voice assistant Alexa has made the news in the past for some unforeseen situations that helped to perpetuate the fears of users that their home devices’ had a security flaw that could have a more sinister dimension and / or could malfunction or be used to invade privacy. For example, back in 2016, US researchers found that they could hide voice commands in white noise played over loudspeakers and through YouTube videos in order to get smart devices to turn on flight mode or open a website. The researchers also found that they could embed voice commands directly into recordings of music or spoken text.
Also, although Amazon was cleared by an advertising watchdog, there was the case of the television advert for its Amazon’s Echo Dot smart speaker activating a viewer’s device and placing an order for cat food.
What Does This Mean For Your Business?
Although it may have been a series of events resulting in a ‘rare’ occurrence, the fact is that this appears to be a serious matter relating to the privacy of users that is likely to re-ignite many of the fears of home digital assistants being used as listening devices, or could be hacked and used to gather personal information that could be used to commit crime e.g. fraud or burglary.
If the lady in this case was an EU citizen, it is likely that Amazon could have fallen foul of the new GDPR and, therefore, potentially liable to a substantial fine if the ICO thought it right and necessary.
Adding the Alexa Calling and Messaging service to these devices was really just the beginning of Amazon’s plans to add more services until we are using our digital assistants to help with many different and often personal aspects of our lives e.g. from ordering goods and making appointments, to interacting with apps to control the heating in the house, and more. News of this latest incident could, therefore, make some users nervous about taking the next steps to trusting Amazon’s Alexa with more personal details and important aspects of their daily lives.
Amazon may need to be more proactive and overt in explaining how it is addressing the important matters of privacy and security in its digital assistant and devices in order to gain the trust that will enable it to get an even bigger share in the expanding market, and successfully offer a wider range of services via Alexa and Echo devices.
CALL US ON 0203 005 9650 FOR SUPERIOR CYBER SECURITY
Globalnet aims to be an integral part of your success, providing the best business advice, superior IT support and technology to help you reach your goals.