Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.
Voice-activated assistants such as Amazon Echo and Google Home have become very popular. More than 20 million homes already are using a voice-activated assistant or “smart speaker,” and with good reason. They are tremendously helpful for so many things. If you need to know the score of last night’s baseball game, get the latest weather forecast, start your coffee brewing, or even turn down your thermostat, smart speakers are ready to do the job.
Security and privacy are always a concern with any of the new technology that we use and the Echo and her friends are no exception. While these voice-activated assistants can be hacked, the threat is low: hacking them is complicated and criminals haven’t found an easy way to monetize hacks.
But the threat does exist. Any time you use a device that is connected to the Internet, there are risks of your network being hacked and exposed. Fortunately, there are some simple steps you can take to protect yourself.
Security Steps for your Voice-activated Assistant
- Don’t store passwords, contact information or credit card information on your smart speaker.
- Your router is a critical part of your home network. Change the default administrative password on your router if you didn’t do so when you first got it. If you don’t change it, it is simple for a hacker to access your router through the easily accessible default administrative password.
- Change your Wi-Fi network password.
- Strengthen your router’s encryption capabilities by using WPA2 encryption.
These steps can dramatically protect your voice-activated assistant from being hacked. However, the biggest threat posed to you by your smart speaker has nothing to do with hackers. It is a relatively simple scam that merely enlists your speaker to unknowingly lure you into becoming a victim.
The scam occurs when you ask your voice-activated assistant to call a business for you. Your smart speaker picks the top position in a search engine, and that’s where things go wrong.
For years scammers have been setting up bogus tech support websites for your favorite tech companies, such as Facebook and Instagram. By paying for ads in search engine results or by manipulating the algorithms used by the search engines, the scammers manage to get their bogus websites into top positions in Google and other search engines. Unbeknownst to you, your smart speaker calls on of these phony tech support websites, which then scams you out of money or personal information. You may even be conned into giving the scammer remote access to your computers.
Scammers also use similar tactics on people looking for help with the repair of common household appliances, such as refrigerators and washing machines. Your voice-activated assistant may unwittingly call a number for a fraudulent repair business, where you are asked to pay a small fee for a next-day service call. Unfortunately, this is all a scam. No service person comes the next day.
Just last year alone, Google removed more than three million fake business profiles; the number of phony business websites is probably much larger.
The best place to look for a telephone number for tech support, customer service, or warranty information is on the company’s official website, on your bill, or in the warranty documents that came with your appliance or device.
Also, be very careful even when you call the number for tech support or customer service. Clever scam artists — the only criminals we refer to as artists — purchase telephone numbers that are a single digit off of the legitimate phone numbers for many companies’ tech support or customer service numbers in order to take advantage of common consumer misdials.
Voice-activated assistants can be very useful, but you have to take precautions to secure them and be aware of their limitations.
Featured image: Zapp2Photo / Shutterstock.com.
Become a Saturday Evening Post member and enjoy unlimited access. Subscribe now
Comments
If I was to tell someone, I’m going to have someone sit in your living room. bedroom, where ever & listen to every word & sound you and anyone else utters, I’m sure the reaction would be one of horror. Yet that is exactly what you are doing when you invite one of these devices in to your home. It takes nothing more that a cursory thought to realize it HAS to listen to everything. The fact that it has a trigger word, does not negate that it is listening ALL the time. You are then operating under the trust that the huge wealth hungry multi-national will not record (which they already do) AND keep everything said, with or without the trigger word. I can’t even imagine why anyone would endorse the idea of having someone listening to you 24 hours a day, would be a good idea. As for the idea that they diifcult to hack, they are no more difficult than any other Internet connected device, it uses exactly the same technology & exactly the same security technology as any other device. There is no magical rocket science technology in use in them.