Experienced security pros like Amy DeMartine simply won't allow a digital assistant into her home.
DeMartine, a principal analyst who serves security and risk professionals for Forrester, says last year's reports of so-called "voice squatting" (aka "skill squatting") – where attackers create malicious Amazon Alexa "skills" that appear to be legitimate applications – has her thinking twice about any of these digital assistants.
"People have to decide what their risk threshold is and configure Alexa or any other digital assistant accordingly," DeMartine says.
According to Candid Wueest, senior principal threat researcher at Symantec, consumers should start by asking the following questions: Do I really need the device, and, if so, what do I need it for? Do I want the device to have a camera to check in on my dog, or am I OK with no camera? And since I already have several devices in my home, do I want to stick with one brand because it's easier to integrate?
Another $64 million question, and this is the big one: Do I trust the vendor?
"This is not an easy one to answer, but, ultimately, you have to trust that the vendor will safeguard your data," Wueest says.
So if you absolutely have to have Alexa or Google Assistant in your home, heed the following advice from DeMartine, Wueest and Jessica Ortega, a website security research analyst at SiteLock. And if you're a security pro, be sure to educate your customers, too.