Are your IoT devices listening in on your private conversations? Yes. They are listening, and it seems they are doing much more than that.
All over the news this week, in reports from almost all major news media, you’ve been hearing how Amazon’s Echo (Alexa) has been thrust into the middle of a murder investigation. For those of you not sure what that story is about I’ll give a brief recap.
Arkansas police have issued a warrant for audio files stored on Amazon’s servers, that they believe may have been recorded from one of Amazon’s Echo devices that resides in the home of the primary suspect in a murder case. During the murder investigation, police seized the Echo device from the suspects home and immediately inquired to the devices’ capabilities, then issued the warrant. However, Amazon has refused (twice) to hand over any data.
So, how is it that Amazon has anything to hand over in the first place?
For that, we look into the Echo and the IoT (Internet of Things).
Amazon’s Echo is a Smart Home device capable of interacting with other smart devices within a person’s home. Often used to control a smart thermostat or smart lighting system, it can operate a multitude of other appliances, as long as they are connected to the homes network. The Echo is voice activated, which means that it operates in an “always-on” mode, listening for an activation command from its users. It “wakes up” to a user giving the voice command, “Alexa” or “Amazon”, depending on settings. Then, it awaits commands to play music or set the temperature in your house or any number of things.
Okay, it’s voice activated, so what?
Well here is where we get to the tricky part. The Echo, in an attempt to learn your preferences, records your voiced commands and searches. It sends that data back to Amazon for analysis (and stores it), in what Amazon says is to build a better user experience. But what users didn’t count on is the possibility that Echo might also be recording segments of normal every-day conversations due to its always-on listening mode. Just how much is being recorded is still a bit vague, but could come to light if the Arkansas Police are able to secure the data they wish to acquire. Could be quite a can of worms?
To continue with the same story, the police also seized other IoT devices such as a smart water meter, Nest thermostat, and Honeywell alarm system. Police continue to pick through mounds of collected data in search of clues.
So, how does the IoT affect me?
In short; Your IoT devices are constantly monitoring and logging your daily activities. And some are considerably more invasive than others. But more than that, each of these devices is usually connected, in some way, to the internet. Which means, if you are taking full advantage of the incredible coolness that is the IoT, you’re putting out more information than you could possibly imagine. Remember, the more information you put out there, the harder it is to secure.