Just like computers and smartphones, smart speakers can be hacked. If a cybercriminal can break into your smart speaker, they can probably hack into the rest of your network too.
Security by design
The good news is that speakers from leading brands – Amazon, Google and Apple – are all considered to be relatively secure. Each supports WPA-2 encryption, a secure WiFi connection that can prevent data and instructions being intercepted by hackers for instance.
They also support two-factor authentication. Whenever you try to make a purchase using your smart speaker you will be asked to speak a 4/6 digit code. This code is sent by Apple/Google/Amazon to your smartphone – a trusted device that only you should have access to. If you – or an unauthorised user – cannot speak the code, the purchase is aborted.
There is always a risk that these speakers may have security bugs, but the software is updated regularly. So long as you keep applying patches when they are released, your speaker should be relatively secure.
Who is issuing the command?
Both Google Home and Amazon Echo speakers are able to register and recognise multiple voices. This allows you to secure the system so that unrecognised voices cannot trigger voice commands.
Apple’s HomePod on the other hand still only supports a single Apple ID. It will also accept a “Hey Siri” command from anyone – including strangers. This could be a risk to personal data as it allows anyone to check your diary, or to make phone calls for instance.
Unlike Google Home and Amazon Echo however, the HomePod cannot be used to purchase goods online yet, limiting the potential fall-out from someone issuing unauthorised commands.
The “always on” issue
The biggest concern most people have about smart speaker is what they record, and where those recordings go. Apple, Amazon and Google all admit that their speakers are constantly listening – unless you turn them off.
But the manufacturers are equally keen to stress that none of the recordings ever leave the device unless you speak the all-important keyword. Only then is data sent to the relevant cloud service for processing. Each service also stores these commands for a period of time.
Apple are careful to anonymise your data when it is saved so that no one can find out who made the recording – the information is only retained for a maximum of six months and used to improve voice recognition services. Google and Amazon on the other hand store that information permanently, using it to build a detailed advertising profile for you.
It is also worth bearing in mind that each of the smart speakers saves every conversation it hears. These recordings are not sent to Amazon/Apple/Google immediately, and are deleted when it becomes clear you are not talking to the speaker. But there is a very short timeframe (usually a matter of minutes) where a hacker could steal those recordings if they can break into your speaker.
The chances of this kind of breach happening are quite slim, but there is always a very small risk of compromise.
So which do you choose?
Each speaker – Google Home, Amazon Echo and Apple HomePod – is relatively safe and secure. In fact, there is very little to tell them apart security-wise.
So really it comes down to a choice of which device fits best with the rest of your home network. Apple iPhone and iMac/MacBook owners will find that the HomePod works really well with their existing devices. Similarly, Android smartphone owners will find that the Google Home range shares services and data seamlessly for ease of use. But for anyone interested really interested in shopping by voice, Amazon Echo is a great choice.
Whichever you choose, the speaker is bound to perform well. Just make sure you follow the included instructions carefully to ensure it is set up securely.