6 Security Tips Before You Put a Digital Assistant to Work
If you absolutely have to have Amazon Alexa or Google Assistant in your home, heed the following advice.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt35a09092a182fa6a/64f0d4c1ec1d25c146a6a60d/Slide1CoverArt.jpeg?width=700&auto=webp&quality=80&disable=upscale)
Experienced security pros like Amy DeMartine simply won't allow a digital assistant into her home.
DeMartine, a principal analyst who serves security and risk professionals for Forrester, says last year's reports of so-called "voice squatting" (aka "skill squatting") – where attackers create malicious Amazon Alexa "skills" that appear to be legitimate applications – has her thinking twice about any of these digital assistants.
"People have to decide what their risk threshold is and configure Alexa or any other digital assistant accordingly," DeMartine says.
According to Candid Wueest, senior principal threat researcher at Symantec, consumers should start by asking the following questions: Do I really need the device, and, if so, what do I need it for? Do I want the device to have a camera to check in on my dog, or am I OK with no camera? And since I already have several devices in my home, do I want to stick with one brand because it's easier to integrate?
Another $64 million question, and this is the big one: Do I trust the vendor?
"This is not an easy one to answer, but, ultimately, you have to trust that the vendor will safeguard your data," Wueest says.
So if you absolutely have to have Alexa or Google Assistant in your home, heed the following advice from DeMartine, Wueest and Jessica Ortega, a website security research analyst at SiteLock. And if you're a security pro, be sure to educate your customers, too.
Forrester's DeMartine advises consumers to start by changing the default password on their Wi-Fi routers. You don't want to only be using the default password from your ISP, especially if you plan to make purchases via your digital assistant. In fact, once you change the default password on your Wi-Fi router, change your Amazon or Google password to something much stronger. The strongest passwords are unique to you and ones you can remember.
Most digital assistants allow you to activate a "voice lock" by training the device to recognize your voice, typically through repeating a few sentences, Symantec's Wueest says. For example, Alexa will have you speak 10 phrases to learn your voice. You can also configure your voice assistant to share private information, such as your email, calendar, and text messages, only when it hears your voice making the request. The assistant will still respond to anyone's voice for basic commands, such as requests for weather updates, sports scores, or turning the volume down. Forrester's DeMartine adds that if you plan to use the voice purchasing function, make sure to set the voice lock for just the adults in the home. You don't want to give young children or teenagers the ability to unlock the device to make purchases.
If you decide you don't want to shop by voice, you can opt to turn off voice purchasing, Wueest says. If you do enable online shopping, make sure you receive follow-up emails confirming your purchases, and check your credit card statements to make sure fraudsters aren't running up charges on your account. For added protection, you can opt for a four-digit confirmation code before authorizing a purchase.
SiteLock's Ortega says when people buy a Fire TV or any other smart TV, what they're really looking for is the ability to stream video more easily. However, they may not realize that many of these new TVs come with a digital assistant. If that's the case, read the manual to understand all the features and learn how to make all the updates. Another good tip: When the TV gets old and you pass it along to a friend or take it to the dump, find out how to erase all the data. You don't want your history and credit card information floating out there.
SiteLock's Ortega says when people buy a Fire TV or any other smart TV, what they're really looking for is the ability to stream video more easily. However, they may not realize that many of these new TVs come with a digital assistant. If that's the case, read the manual to understand all the features and learn how to make all the updates. Another good tip: When the TV gets old and you pass it along to a friend or take it to the dump, find out how to erase all the data. You don't want your history and credit card information floating out there.
Experienced security pros like Amy DeMartine simply won't allow a digital assistant into her home.
DeMartine, a principal analyst who serves security and risk professionals for Forrester, says last year's reports of so-called "voice squatting" (aka "skill squatting") – where attackers create malicious Amazon Alexa "skills" that appear to be legitimate applications – has her thinking twice about any of these digital assistants.
"People have to decide what their risk threshold is and configure Alexa or any other digital assistant accordingly," DeMartine says.
According to Candid Wueest, senior principal threat researcher at Symantec, consumers should start by asking the following questions: Do I really need the device, and, if so, what do I need it for? Do I want the device to have a camera to check in on my dog, or am I OK with no camera? And since I already have several devices in my home, do I want to stick with one brand because it's easier to integrate?
Another $64 million question, and this is the big one: Do I trust the vendor?
"This is not an easy one to answer, but, ultimately, you have to trust that the vendor will safeguard your data," Wueest says.
So if you absolutely have to have Alexa or Google Assistant in your home, heed the following advice from DeMartine, Wueest and Jessica Ortega, a website security research analyst at SiteLock. And if you're a security pro, be sure to educate your customers, too.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024