Your New Virtual Assistant Can Be Turned Into a Spy in Residence - Page 2

But think about who has access to your office. Perhaps the cleaning staff? Office assistants? Colleagues? Any of those could install the required software while you’re away.

But there’s a bigger threat, and that comes from Echo devices in public places and in hotel rooms. Marriott is already testing Echo devices to serve as electronic concierges, and has plans to install the devices in at least some of its hotel rooms.

The Wynn Las Vegas hotels are expected to have Echo devices in all of their rooms. Considering the number of staff that wanders in and out of hotel rooms in a normal day, from the housekeepers to the minibar fillers to the maintenance folks, there is no physical security for the device and you have to assume that it’s been compromised.

To keep a potentially compromised Echo from recording your conversation, you only need to press the mute button on the top of the device. Still worried? You can unplug it by pulling a small power connector out of the device when you don’t want it to hear what you’re saying.

However, you don’t need to worry about every Amazon Echo device. The Echo Dot doesn’t have those debugging pads, so there’s no way to load software using the hack that Barnes describes. Furthermore, this vulnerability has been removed from Echo devices made since the beginning of 2017.

But just because that vulnerability has been cleared, that’s no reason to think that your smart devices are safe. When Samsung came out with its voice-controlled smart televisions, the company was forced to include a warning that conversations that were heard in the vicinity of the television set may have been recorded.

Some smartphones have similar issues. For example, there’s malware for Android phones that can record conversations and that can use the phone’s camera to record whatever is visible in the phone’s vicinity. It's not known yet whether other smart devices such as the Google Home and the upcoming Apple HomePod can be hacked. The Apple device is still in development after all.

But it’s safe to say that successful hacks against the new products will come. So it will depend on the steps that will be taken in the future to make sure the devices are robust enough to withstand a hacking attack, but there are no guarantees.

In the meantime, follow the advice of an Amazon spokesperson and buy your Echo from a reputable source and to apply all updates promptly. If you must travel with your Echo, use the smaller Echo Dot that doesn’t have those debugging pads so that strangers in your hotel room can’t install those malicious scripts. The first line of defense, after all, is to protect your device from tamperers.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...