It seems like there are smart speakers just about everywhere these days. For folks looking to get in on the action without reaching too far into the couch cushions for cash, second-hand devices can seem like a viable option for enjoying the benefits of the hot tech tools at a budget-friendly price. But security experts warn smart speakers from secondary sellers could be used to spy on unsuspecting consumers, according to Forbes.
Ariel Hochstadt, the co-founder of online privacy company vpnMentor, warned that it’s possible for hackers and malicious actors to manipulate smart home speakers, and specifically to bug the device and insert spying tools. “The buyer would not be aware that they have purchased a pre-hacked device and, therefore, once in the home, the hackers would be able to access it remotely without ever having to enter the home,” he warned, per Forbes.
Primarily at risk to this type of attack is the first-generation Amazon Echo — the original model of Amazon’s wildly popular smart speaker equipped with voice assistant Alexa, which has been discontinued. That speaker in particular sports a physical device that makes it possible for an attacker to crack open the case and manipulate the internal components. Hochstadt said that an SD card could be used to turn the Echo into a spying machine that could “livestream audio from its microphone, and remotely use its services.”
When reached for comment, an Amazon spokesperson told us the following: “Customer trust is very important to us. Safeguards for customer privacy were built into the Echo from day one, including a microphone off button that electronically disconnects the microphone on the device so that no audio is recorded. We recommend that people purchase Echo devices from Amazon or authorized retailers.”
Unfortunately, because the attack isn’t software based, defending against it is tricky; simply undergoing a factory reset won’t cut it. Instead, it’s recommended that you purchase the device from first-party sellers and certified resellers. If you’re buying a used device, check for any signs of physical manipulation and make sure the device doesn’t come with any accessories like SD cards from unknown sources. These types of attacks aren’t necessarily common, but they are possible and something to be aware of when buying used devices.
There are also software vulnerabilities that smart speakers can introduce to your home, so if you’re purchasing one, make sure to always install the most recent update available. Doing so will often address known software vulnerabilities and bugs. Hochstadt also recommends keeping smart devices like the Echo and other Alexa devices, Google Home, and Apple HomePod connected to separate wireless networks so they can’t be used to intercept data and information that you transmit across your primary network.
