David Bisson

David Bisson is an infosec news junkie and security journalist. He works as Senior Content Manager at Bora, Associate Editor for Tripwire's "The State of Security" blog, Contributing Editor for IBM's Security Intelligence, and Contributing Writer for Palo Alto Networks' Security Roundtable, Gemalto, Venafi, Zix Corp, AlienVault, Barkly and others.

In May 2018, news emerged about an Amazon Echo that recorded a private conversation of its owners. Amazon said in a statement obtained by KIRO 7 that the device woke up when it heard something sounding like “Alexa” in the conversation. The Echo also apparently heard a “send message” request, contact name and verbal confirmation, explained Amazon, as it sent a recording of that conversation to a random individual on their contact list. The owners of the smart home device learned about the incident when the contact called them about the recording.

An Amazon engineer who spoke with the Echo’s owners thanked them for reporting the issue and said that Amazon intended to fix the glitch. But while well-intentioned, those assurances hardly assuage the privacy concerns of smart home device owners. This leaves users responsible for their privacy. With that said, here are some tips for how device owners can safeguard their privacy both on Amazon Echo and Google Home.

Mute the Device When Not Using It

Smart home devices are designed to listen and respond to what’s said in the household. But that doesn’t mean they should always be in listening mode. To protect their privacy, device owners should consider muting the microphone by pushing a physical button on the Amazon Echo or Google Home.

Choose Your Linked Accounts Carefully

Device owners must sync their accounts with Google Home or Amazon Echo to activate the devices. From that point onward, anyone with access to those accounts can listen to, share or delete the device’s recording data. Users therefore want to make sure they secure their synced Google and Amazon accounts with a strong password and two-step verification. They should also consider creating a designated account specifically for the purpose of managing the device.

Manage (and Occasionally Delete) Your Recording History

As time goes on, device owners should consider going through their recording data and deleting conversations that they don’t need or that involve sensitive information. Such proactive management can limit the types of information that others could learn if they somehow gained access to device owners’ recordings.

Block Incoming Calls

Both Google Home and Amazon Echo come with options that allow for incoming phone calls. Bad actors could potentially abuse these features by calling in unannounced and listening to conversations. Fortunately, Amazon Echo owners can protect themselves by switching the device to “Do Not Disturb” mode and turning off its Drop-In feature. Google Home owners can deter malicious callers simply by not linking their phone number with the device.

Disable Voice Purchases

Voice purchases are a convenient way for device owners to buy things online. But Amazon Echo and Google Home don’t respond to just the device owners themselves when it comes to this feature. Anyone inside the home can make voice purchases. As a result, device owners should consider disabling this feature.

Just the Beginning of Smart Home Device Security….

The above recommendations for how device owners can secure their Amazon Echo and Google Home are just the basics. For more advanced security settings, check out HotHardware and Tom’s Guide for both Echo and Home.

Sign up for our fortnightly newsletter to keep up to date with the latest cyber security news and advice on how to keep you and your family safe online.