I recently gave a tour of my home network. I walked around my home and showed all of the different electronic components of my home. This included the firewalls, routers, switches, cameras, and all of the devices that get interacted with. One thing that blew up in the comments over and over was comments to how secure my home was but that it was “all ruined by having an Amazon Alexa in my house”. This of course turned into a lot of debate asking “Is Alexa safe?”. With a little patience and education I think we can pretty definitively answer that question!
Watch the Video on Alexa Snooping
Is Alexa Safe or a Snooping Device?
First of all it is important to understand that Amazon designed the Echo (which is the device’s actual name) to listen constantly for a keyword. It doesn’t start recording or sending any data to any device until that keyword is spoken. That word can be “Alexa, Amazon, Echo, or Computer”. Once the keyword is spoken Alexa begins to listen and record your next few words. These words are pushed to some cloud servers and analyzed. Nothing outside of that interaction is ever sent to Amazon.
By opening the Alexa app on your phone, tablet, or PC you can see every single recording that Alexa has ever made and the exact content of that recording. It is true that Amazon keeps some portion of these recordings on their servers for an extended period of time. This is used to customize Alexa’s responses. For example if you ask Alexa to turn on a light she will remember that interaction. If your next command is simply “Turn it off.” without specifying a device Alexa will look at those previous interactions as a means of understanding what you want her to do.
If Amazon isn’t snooping, what about hackers?
In August of 2017 British security research firm MWR detailed how the Alexa could be compromised by hackers. It wasn’t easy. It required physical access to the device, complete disassembly, soldering devices to the board, and adding a new boot firmware. Something that clearly isn’t feasible for most hacks and definitely not by someone 10,000 miles away in a foreign country living in their mom’s basement. Amazon fixed the problem quickly and any device made after October 2017 is immune from even that attack. With that in mind you might consider buying new rather than buying a used Alexa on Craigslist of eBay that could have been modified.
I think its safe to say Amazon spent a lot of time worrying about security. An Alexa compromise could be devastating to their business. But with that in mind, its time to start asking the better questions!
You’re Asking the Wrong Questions
Asking “Is Alexa safe?” or “Is Alexa snooping on me?” is the wrong question. Let’s talk about why.
You Are Already Giving Far More Data to Amazon and Google without Alexa
We’ll come back to snooping a minute, for now let’s just focus on the data privacy aspect. So many of you are so upset that Amazon would collect any data on what you say to Alexa. Is Amazon using this data to sell more stuff to you? Of course they are! And they would be crazy not to. But we need to take a second and get real about this. Why are you worried about what Alexa collects? It’s creepy? It’s an invasion of privacy? Any number of other excuses?
It appears to me more and more that the ultimate issue with Alexa in people’s minds is that the data is being collected by a new mechanism that seems more personal than in the past: voice. The truth is however, you’re giving far more valuable data to Amazon, Google, Apple, and other big tech companies every day and none of them need a digital assistant to get it! Literally every single word you type on Google, Facebook, Instagram, or the like is analyzed and tied directly back to you via cookies and other more advanced tracking mechanisms. Why exactly is it that you are worried about Alexa, but you’re not making a big fuss about those? And those have been going on for almost two decades!
Even With Snooping You Are Looking in the Wong Place!
Back to the original worry about snooping. Asking “Is Alexa safe or is she snooping on me?” is the absolute wrong question to ask!
Society is really pretty terrible about taking the time to understand something. They let the media flash shiny things in front of them and they never go bother to see what the real facts are. This is a problem in many areas mostly in politics, but it also hits head on in privacy!
You’re worried about Alexa sitting on your counter top, because she’s in your house and plugged into your network. What about the smartphone in your pocket that’s connected directly to the internet and goes literally everywhere you go! It’s in your bedroom, in your car, it participates in every moment of your life right by your side. It is literally an internet connected microphone for your every move. Yet you’re not the least bit concerned about that!
Almost every device you have in your these days is connected to the Internet and contains a microphone. As I walked around my house I found them all over in things I hadn’t even considered before!
Potential Snooping Devices in my Home
The Marantz receiver has a microphone supposedly used for balancing the audio in the theater room, but alas its connected to the internet.
My Samsung Smart TV has a microphone and listens for voice commands and yep, it is also internet connected.
My iPad, my Microsoft Surface, and my Apple TV, all have microphones and internet connections.
The Camera I use for shooting The Geek Pub videos has 4 microphones and an internet connection.
My Gaming PC has multiple microphones and a camera all connected to the internet.
Worrying about Amazon’s Alexa and asking “Is Alexa Safe?” from a privacy and security perspective is similar to worrying about a toddler peeing on the deck of the sinking Titanic and sending the ships crew to stop the little guy instead of focusing on the real source of water. The giant holes left by the icebergs!
Why is there isn’t a massive focus on all of these things? After all, most of them have similar services such as Siri, OK Google, Cortana and the like. Again, we’re asking the wrong questions. It’s not “Is Alexa safe?” It’s “are all of my potential listening devices safe?”. If you’re worried about Alexa and not all of those other microphones in your home, then your not being honest with yourself.
How to Protect Your Home From All These Potential Snooping Devices
Our focus for security and privacy needs to be completely rethought. Let’s start with making sure our networks and devices are free from malware. And let’s be honest, if you think you’re going to keep the NSA the war is already over. We can however keep the script kiddies and professional hackers at bay. At least most of them.
Start by Securing your Network
The first step needs to be to secure your network at the entry point with a proper firewall. Don’t count on the router that your ISP gave you for security. Not only is it likely the bottom of the barrel cheapest of the cheap it is also likely loaded with spyware from your ISP that can snoop on all of the devices in your home. Verizon is well known for this type of shenanigans with their devices.
Get a real firewall and keep it up to date. I personally prefer to run pfSense as my firewall. It’s fantastic and you can get some inexpensive appliances from Amazon to run it on. With pfSense you can run anti-malware protection at the firewall. This is a great strategy as it adds another layer of protection for your home by blocking malware before it ever has the opportunity to enter your home network and land on your PC or devices. Ubiquiti also makes some great security appliances and firewalls if you’d prefer an out of the box solution.
Secure Your PCs and Other Devices
Make sure that every device and PC in your home is running the built-in firewall. This alone can be some of the simplest and most effecting anti-malware. Many internet worms travel by looking for open ports on your PC that can be injected with malicious code. With a firewall that patch is completely blocked (in most cases).
For any device in your home running Windows it is imperative that you have an anti-malware software installed. There are plenty of good choices for this, including Microsoft’s own anti-malware services.
Do not install (or let anyone else install) any software on your PC unless you are 100% certain it is safe. Installing drivers from 3rd party sites is a huge red flag. Only download drivers from the actual manufacturer’s website. Never install anything you can’t verify is directly from the company that released it.
Don’t visit nefarious sites! The most common way I’ve seen people get malware and spyware on their computers is through visiting sites they shouldn’t be going to. Porn sites, get rich quick schemes, gambling sites, and pirate sites. Many of those sites are loaded with malware just waiting to infect your PC. These sites can’t run legitimate advertisements so they look for illegitimate means of monetizing them. Bad hangs out with bad. Stay away from those places if you don’t want spyware on your device or PC.
So before we ask “Is Alexa Safe?” let’s ask a lot more important question: “Is our home network safe from malware?”