Elliott Greenblott | Fraud Watch: Take caution with convenience — Voice assistant security

Posted
Alexa, what team won the 2010 Superbowl? Siri, where does my brother live? Google, what is the current temperature in Ventura, Calif.? If questions like this seem familiar, you are CONNECTED!

If they are strange, then welcome to the world of connected technology. Amazon's Alexa, Apple's Siri and Google's Home are generally called voice assistants and are capable to responding to a wide range of questions using a variety of information sources including the internet and your computer.

In the case of Alexa and Home, the devices are always on and activate when things like "Alexa" or OK, Google" are spoken.

This means that technically, they are always listening to what is being spoken. The question becomes "Can hackers access your conversations and your information through these devices?"

Both Amazon and Google use data encryption so while hacking is possible, it is not very likely. A bigger danger lies in the possibility that a hacker may be able to gain access to Google or Amazon user accounts.

Both of these systems store all questions posed to them in chronological order so fraudulent access to an account can open the door to all the information which is stored on company servers.

There are a couple actions that can be taken. Most of the hardware comes equipped with "mute" buttons. Company web sites also allow users to "pause" recordings but this can be quite inconvenient.

Other systems, such as Apple's Siri, Amazon's Tap and the Alexa remote must be activated by a switch or button. It is possible to delete all recording information through your Amazon or Google account. (In the case of Siri, the recorded information is tied to a set of random numbers, not a used ID.) The ultimate question comes down to what is more important, the convenience of an instant response device or personal security.

This past week has seen the release of additional information on a danger related to Wi-Fi activity. The threat comes under the name of KRACK and exploits a flaw that is present in virtually all Wi-Fi routers and system software. This flaw allows hackers to bypass the usual security protocols and intercept online activity on public and personal systems.

This flaw can be found in the operating systems of computers that allow Wi-Fi communications as well as the home and business Wi-Fi routers that carry our data. The best way to find out if your devices are potential targets for KRACK attacks is to contact their manufacturers and software suppliers. While most of the computer software and router hardware companies are in the process of releasing "patches" to repair the problem, Wi-Fi users can solve the problem immediately without waiting for the new releases. Safety can be found in a Virtual Personal Network (VPN). VPNs are software downloads that encrypt information at your computer before it is sent to a Wi-Fi router.

The data then goes to a remote server where it is unencrypted and transferred to the open internet. VPNs come in a variety of "flavors" including lifetime licenses, annual renewal offers and monthly payment formats. Pricing differences are based on the level of service purchased. Inexpensive plans offer few services and may provide slow service due to a limited number of connections available.

Higher priced services provide faster connections to the internet and sometimes include "cloud storage" or other features. VPNs provide what is currently the safest way to use both public and private Wi-Fi networks Wi-Fi.

Unsure of where to go? Have questions and need assistance? Call the AARP National Fraud Watch Network helpline at 877-908-3360. Finally, consider joining the AARP Fraud Watch Network as a Volunteer. AARP is seeking Fraud Fighters of all ages. Contact the AARP Massachusetts Office at 866-448-3621, AARP New York Office at 866-227-7442, or AARP Vermont Office at 866-227-7451.

Elliott Greenblott is a retired educator and the Vermont coordinator of the AARP Fraud Watch Network and can be reached at egreenblott@aarp.org

TALK TO US

If you'd like to leave a comment (or a tip or a question) about this story with the editors, please email us. We also welcome letters to the editor for publication; you can do that by filling out our letters form and submitting it to the newsroom.



Powered by Creative Circle Media Solutions