Is Someone Hacking Your Echo? Probably Not Right Now

Most IoT device security is pretty terrible, so you’re probably assuming that virtual assistant devices like Amazon Echo and Google Home are a major risk. After all, these devices record all nearby conversations (at least temporarily). But while Alexa does pose some privacy issues, most do not consider it a major security risk.

Why? Two reasons. First, major companies like Amazon, Google and Apple take security seriously and their devices are quite hardened. In fact, we tested an Echo Dot as part of a recent IoT pen testing project and it passed all our security assessments. Companies like Amazon and Google put in the time and effort to make their products secure (not impossible to hack, but much more secure than an IoT webcam or a device from a minor manufacturer).

Second, an Echo is a low-value target for a hacker. These home automation devices don’t store data long-term; they record it, transmit it, then delete it. So hacking an individual Echo could net a hacker some personal information on a few people, but hacking a major website’s database could get them personal information on hundreds of thousands of people. In short, there are plenty of less-secure devices and platforms that can yield a great reward for bad guys. 

While it’s highly unlikely a cybercriminal will hack your virtual assistant device, we do advise that individuals avoid discussing sensitive information near an always-on listening products like Echo. Businesses should also segment all IoT devices including virtual assistants from their corporate network in case one of them is infected.

Find the Original Article Here