Alexa is Amazon’s flagship home product: a voice-activated smart assistant that saves you from the onerous effort of Googling things yourself and writing dates down, like our pioneer forefathers used to do in the early 2000s when they weren’t breaking in horses or blackleading the stove.
But it has a selection of serious inbuilt flaws – in fact, when you look at it, it turns out to just be a stack of stuff waiting to go wrong.
Here’s how Alexa works:
You talk to it, saying something like, ‘Alexa, what’s the time?’ and – without you even having to look at your wrist – Alexa tells you.
Like this:
A few things had to happen for this to be possible – far-field microphones that can hear you across the room, for instance.
But the most important development was fast broadband access to the cloud. Amazon doesn’t have to put all the answers inside Alexa units – in fact, there’s almost nothing in the box. An Alexa listens to what you say, transmits it to Amazon’s Global MegaCorp HQ and figures out the answer, then returns the answer to the Alexa unit which tells you.
One of the flaws with a voice assistant is that it has to be on all the time. If the mic’s not always on, how can you turn it on with your voice? So all voice assistants share this requirement that their microphone is always turned on, picking up everything you say and relaying it to your corporate overlords company HQ to make sense of it.
They use a word called a ‘hotword,’ which you can set yourself but which is usually the assistant’s name, to turn them on and start fully paying attention.
Recently, a couple in Portland found out that their Alexa had sent a recording of a private conversation to the husband’s employee, 170 miles away, who called them up and told them: ‘Unplug your Alexa devices right now. You’re being hacked.’
Here’s what Amazon said happened:
Sounds legit.
In reality this probably is exactly what happened – though watch this space – but it draws attention to the fact that if you have a smart assistant in your home, you’re choosing to live under surveillance.
Only terms of service stand between you and a terrifying, Black Mirror-like dystopia.
And terms of service can be violated.
Amazon probably isn’t spying on its users – at least, not in a way that we can prove.
But Alexa is powered partly by a constellation of third-party ‘Skills’ – analogous to apps.
And they represent a porous frontier of security threats. We’ve already found a few – security researchers built a rogue Skill that recorded everything the Alexa could hear and transcribed it for their benefit.
So that’s all fixed – until the next one shows up.
The bottom line is this: no-one should have an always-on microphone in their house, communicating with an artificial intelligence owned by a corporation or government.
Keeping your home free of microphones is as obvious as privacy decision as keeping it free of cameras, and as getting and using a decent VPN.