Voice is the new screen. That’s what all the tech gurus are saying these days. We’re moving beyond tapping to simply speaking. “OK, Google,” “Alexa,” even “Cortana” have become standard parts of our vocabulary. Even our kids know how to play music, stories, or get help with their math or spelling from a voice-activated assistant of some kind. Voice command started with Siri and quickly became a standard feature in all smartphones and even in some of our vehicles. What seemed like science fiction only 15 years ago is now a common tool for most of our culture.
We are all hyper-aware, now, of the amount of information tech companies are gathering from our internet use. Since we carry fully connected devices around with us everywhere we go and use them to broadcast our daily routine on social media, there isn’t much that is hidden. Recently, though, we’ve become a bit cautious of how much of our data we share with these companies. It’s one thing to let Google know we like seeing ads on YouTube for our favorite movie genre, but tracking our location and schedule is a bit far.
A test by security group, Checkmarx, found a security flaw that allowed them to design an app that would leave the Alexa microphone on long after you’ve finished using Alexa. Then, the app would send the hacker a transcript of what the mic picked up while you didn’t know it was turned on. Checkmarx found this flaw earlier this month and reported it to Amazon. It was corrected immediately.
“Customer trust is important to us and we take security and privacy seriously,” the company said in a statement. “We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do.” – Amit Ashbel, director of product marketing for Checkmarx
This obvious flaw is the first of its kind that has been made public. There is no way to know how long it has been around or if it has been used by anyone to collect user data. Amazon was fast to fix the issue but only after a third party research group found the problem in the first place. There are always security risks with any smart-home or virtual device and having a microphone that is always on compounds that risks. The popularity of Alexa and Google home is ever increasing, though, despite these risks. With the outcry against Facebook for their data collection and usage, it seems interesting to me that these fully connected, in-home virtual assistants are becoming so common. So common, in fact, that they’re being designed for our kids.
Enter, the Echo Dot for Kids
The news of this breach was released today, and interestingly, so was Amazon’s new Echo Dot for Kids. The Alexa enabled personal assistant speaker comes with a protective case, a replacement warranty (for the inevitable drop on the hardwood floor), a year’s worth of Amazon Freetime, built-in parental controls, and a bunch of skills (apps) that are geared towards kids. The Dot will read to your kids, help them with homework, play kid-friendly Audible audiobooks and more. The Echo Dot for Kids is $79.99 on Amazon.com.
What Parents Should Know
Being able to lock your kids out of explicit music and audiobooks, disabling entertainment features in favor of educational skills, turning off voice purchasing, and other parental control options make the Dot for Kids a pretty appealing piece of technology. I am, however, very skeptical of putting a marketing company’s microphone in my kids’ rooms. I know that doesn’t sound like the opinion of a tech nerd but my distaste for targeted marketing to minors and collection of the data of children will always outweigh the desire to be in with what’s trendy in technology.
Though the Alexa security flaw has been resolved, I wonder how long it will be until another workaround is discovered? I bet it’ll be pretty soon. Here’s why: Amazon is trying to strike a balance between a way to gather the most information about your family as possible and still make you feel that your information is secure. There will always be functionalities in their systems that allow them to gather just that little bit more than you know they’re collecting. When a security company (at best) or hackers (at worst) find these functionalities, they exploit them to meet their own needs. Sometimes the need is to sell the workaround info to the company to keep it all quiet and sometimes it’s worse, the collection of data for sale or use. We all seem to be ok with Amazon or Facebook or Google having a bunch of our private data. After all, it is often used to make our lives easier and more convenient. The problem comes when something like the Cambridge Analytica fiasco takes place and we have our information being sold to the highest bidder or used to target us with fake news and advertising.
Unfortunately, as long as we have devices that take in our likes, dislikes, conversations, and habits, we will have companies using that information to further strengthen their bottom line. All I am saying is that, as families, we have to draw our own line. My line is drawn pretty strictly against voice-activated assistants in our home, especially ones designed to be used by my kids. Your line will be somewhere different than mine but I advise you to be knowledgeable about any tech you bring into your home. If you aren’t sure what something does or how it really works, I wouldn’t buy it or use it in the first place. I know that sounds a bit counter-cultural, but the culture seems pretty ok with giving away all of their personal information and then panicking when they find out it’s being misused. I don’t blame companies for that, I blame people. Facebook fooled us once, perhaps shame on them, if you’re fooled again, shame on you.