Cross Identity

Official Blog

Alexa, What is my Cybersecurity Status?


It’s undoubtedly the era of smart technology. We started with smartphones, and we’ve reached smart homes today. With everything being so advanced, one would assume that people would pay close attention to cybersecurity as well, but that’s not the case.

As much as you’d like to believe that getting hacked is just a story that you read on the web, it is an unfortunate reality. Everyone is vulnerable to it. Without a verified authentication of your identity, anybody can get hold of a lot of your data. With the advancement of IoT and the rate at which everyone is imbibing smart technologies, calling Alexa and Siri every other second, it is imperative to have a strong focus on security as well.

In this read, we’ll tell you about the trouble that is apparent with the smart technologies and what you can do to secure yourself.

How can a hacker take advantage?

You might wonder that with big names backing up smart technologies, they are bubbled wrapped with security. As much as companies are trying to ramp up the security measures, the loopholes at the end of the day, are always people. Even if a technology is enabled with the best in security if you have been careless with your credentials, then what can anybody do?
Here is an incident that came to light in early December 2019. Washington Post covered this incident where a mother installed a ring camera, a smart technology in her child’s room, which was taken advantage of by a hacker.

The hacker made use of the camera’s two-way talk feature. The unfortunate incident led to the hacker harassing the girl with negative comments. The girl soon went to her father for help, and they were able to put an end to the incident.

This is an alarming example of the scope of hacker’s abilities. Yet, this wasn’t even the first of its kind incident. The reports have clarified that this wasn’t a breach of security due to the device but rather a classic case of stolen credentials or utilizing the vast array of hacked data available online. The family, however, were not equipped with the right information to safeguard their credentials.

This all boils down to the fact that technology is way ahead of its security today. Or rather ahead of people’s capabilities to handle cybersecurity on their own.

You can read our blog, “Have I been Pwned”- What can you do next?, to know how you can recognize if your credentials are already out there for a hacker.

Alexa, Siri, Google Home, and more, how secure are they?

In November 2019, researchers published a paper describing how the smart devices in your home can be taken advantage of with just a laser. Yes, you read that right.

According to them, when a laser is directed at these smart speakers, the speakers are tricked into believing that lasers are voice commands and convert them into electrical signals. They stated how a google home was used to open a garage from a distance of 250 to 350 feet away.

The possibility of someone taking advantage of this loophole is enormous. The hacker could control everything that is connected to it. From playing music to startle you to possibly even unlocking your car. The companies have stated that they are looking into the research to ensure customer’s privacy is never compromised.

Not long ago, Google Home, Apple’s Siri, and Amazon Alexa received backlash over a privacy concern. The company’s contractors had access to your conversations with the speakers, which is a major eyebrow-raising concern.

The companies, however, did clarify that the data was anonymous and did not connect back to any user. The Siri’s privacy page stated how these were encrypted as well and were only used to improve the interaction with the recognition system. They also released a slew of privacy options from where people could opt-out of being recorded.

A dedicated team of employees hear Amazon’s Alexa recordings of users, and they too claimed that it was to improve their service. Around 1700 of their recordings were even sent to a random person due to employee negligence, according to a report!

Even Google Home was identified to be recording and eavesdropping on data without permission as well.

The companies have made their intentions with the recordings apparent. They have also stated how they are stored for a limited amount of time, after which they are deleted from all storage. Yet, this is a grey area with several concerns.

Previously, hackers also demonstrated how a complete take-over of the speakers was possible with a simple bug. The technique, although impractical as it needed several technical skills and control of Echo’s Wi-Fi network, did bring concern. The hackers alerted the company, after which they released security fixes for the same.

Take cybersecurity matters into your own hands!

While the speakers, cameras, and other such smart devices are out of your direct reach for data control, there is still a lot you can do to protect yourself.

You may not be equipped with the skills to deal with a hacker, yet, you can still prevent them from taking advantage of your security loopholes. Moreover, the main vulnerability with IoT devices, besides their amount of control, is their nature of connectivity. Your one device can expose several others. Due to the lack of knowledge of password best practices, a breach in your home can even lead to a breach in your organization. But, you can prevent all of it.

  • Follow password best practices: This is a simple one, but it is gold. Passwords aren’t going anywhere right now. They will be your first layer of protection. Always use complicated passwords, at the least, which cannot be easily guessed by someone glancing at your social media account. Make use of the previously mentioned blog, to understand how you can know if your credentials have been exposed in a data breach and change them immediately. And never use the same credential across different accounts and devices.
    Just imagine, what if your Alexa is hacked and you have used the same credential for your business account and the hacker tracks down your organization? This puts you and your company at risk.
  • Use multi-factor authentication, always: MFA ensures your security has additional security. If someone has your password, but your device does not recognize it, then it can easily demand that the hacker enter an OTP sent to you to ensure this is not a security breach. This can indeed save you from a hacker.
  • Make sure you are updated! The companies are always recognizing the security gaps and releasing patch updates to correct them. Make sure you download and update them on time.

Cybersecurity is tricky, with the new opportunities with IoT, it is going to get trickier. While you’d want to enjoy the ample opportunities that come with smart technologies, be smart about using them as well!

Further reads:

  1. IoT insecurity to security – Blog Post
  2. Xpress Password – Solutions Page

Related Posts

Leave a comment