Podcast: Play in new window | Embed
Rita asked: “I was thinking of getting one of the ‘Alexa’ (is that her name?!) cubes that you talk to and ask things for like play country music or something like that. I have heard that she is always on and listening. Does it really listen to everything? For example, people have told me that they have said in conversation with another, but in front of the cube thing, “Do you want to eat Italian?” and without any cube contact, it will say, “The closest Italian restaurant is ….” Not sure if I made myself clear, but that’s my question, Is the cube thing always listening? Thanks.”
Rita, yes and no. Alexa is always listening, but it always listens specifically for the trigger word “Alexa,” once it hears the words it sends your question to Amazon’s cloud for processing, and the clip it sends does include a fraction of a second prior to the trigger word.
The people that told you about their conversation about Italian restaurants may have spoken a word that sounded similar enough to “Alexa” to trigger the speaker, but it should not always be listening otherwise.
It is worth mentioning that these are devices that you’d be better off buying from a reputable source. While we haven’t heard of real-world attack, we have heard of proof of concept attack in which someone with physical access to a 2016 or earlier Alexa-enabled Amazon speaker removed the rubber at the bottom, accessed the debugging ports and uploaded modified firmware.
The malware allowed the hacker to then access the speaker remotely and listen in on its microphones 24/7.
Again, we haven’t seen this done in the real world, only in lab tests, but the fact that it can be done means that anyone with physical access to a device can do it, and that’s something to keep in mind before buying one of these used, or getting them fixed at a less than reputable shop.
It’s worth noting that Google Home works the same way as Alexa, it waits for the command “Ok, Google” to start recording what is spoken to it, but recently Google had to patch some speakers that were constantly recording.
Since the hardware to record is always present on these devices, your only safe bet is to never say anything private around these speakers, but to be fair, you’d also have to avoid your smartphone, your laptop, your Bluetooth-enabled car, and basically anything else with a microphone and a way to access the internet.