Could Alexa Be Putting Your Company’s Cybersecurity at Risk?

Enterprises need to take extra cybersecurity precautions as voice-powered digital assistants like Amazon’s Alexa make their way into the workplace.

“For most of our cultural evolution as a species, humans have transmitted knowledge and ideas from one generation to another through oral tradition,” explains the J. Walter Thompson Innovation Group’s 2017 report, Speak Easy: The Future Answers to You. “The voice is therefore perhaps the most innate and intuitive way for us to communicate.”

It’s hardly surprising, then, that half of all internet searches will be conducted via voice as soon as 2020. Voice-powered digital assistants like Apple’s Siri and Amazon’s Alexa are increasingly effective — at just 5%, their average speech recognition error rate is on par with the typical human’s — and their popularity with consumers has soared in recent years. In fact, market research firm Ovum reports that “the native digital assistant installed base is set to exceed 7.5 billion active devices by 2021” — a figure larger than the current global population.

As convenient as it may sound, a world densely populated with voice-powered digital assistants will not be without its pitfalls. This was made abundantly clear by a recent incident involving an Amazon Echo that was at once comical and concerning.

Is Alexa Listening In?

At the end of May, a Portland, Oregon, couple got a curious phone call from one of the husband’s Seattle-based employees. Much to his surprise, the employee had received an unsolicited audio recording of a conversation the couple had just had about hardwood flooring — a conversation that had taken place in the comfort of the their own home.

As it turns out, the couple’s Echo had misinterpreted their casual home improvement chatter as a series of voice commands, causing the device to record and transmit their conversation to the husband’s employee. “Echo woke up due to a word in the background conversation sounding like ‘Alexa,’” explained Amazon’s official statement. “Then, the subsequent conversation was heard as a ‘send message’ request. At which point, Alexa said out loud, ‘To whom?’ At which point, the background conversation was interpreted as a name in the customer’s contact list.”

The odds of this chain of events repeating itself are admittedly slim, but however improbable the incident was, it speaks to a set of concerns that companies like Amazon will have to assuage moving forward. And as Alexa makes its way from the consumer sphere into the corporate world, these concerns will only grow louder and more difficult to put to rest.

The Risk of Voice Tech in the Workplace

Companies already have access to Alexa’s “skills” that enable them to use voice commands to navigate workplace staples like SAP, Salesforce, and Slack. As such capabilities proliferate, the security of devices like the Echo will become an increasingly pressing concern.

The repercussions of an “office Echo” recording and transmitting sensitive corporate conversations to a random party would be serious enough, but such a scenario may be just the tip of the iceberg. Last fall, researchers at Zhejiang University in Hangzhou, China, discovered a deeply troubling vulnerability in voice-powered digital assistants manufactured by Apple, Amazon, Google, Huawei, Microsoft, and Samsung.

As summarized by Fast Company, the research team “translated typical voice commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants.” This allowed the team to activate the voice assistants, make calls, send text messages, and even open malicious websites — all without the casual listener even noticing.

The researchers readily admit that the maximum range for such a covert takeover is only about five feet, but the fact that this vulnerability exists at all should give companies pause.

Keeping Your Enterprise Networks Safe

Whether a company is ready to start integrating voice-powered technologies into its everyday operations or simply interested in optimizing its existing IT infrastructure, partnering with a security expert like Turn-key Technologies (TTI) is often the best way to protect its networks.

With nearly three decades of experience helping enterprises design, deploy, and manage cutting-edge wired and wireless networks, TTI has the know-how necessary to deliver corporate connectivity that’s as high-performing as it is secure. New technologies always introduce uncertainty into the cybersecurity equation, but our award-winning practitioners are well-versed in delivering creative, customized solutions to suit each of our clients’ evolving needs.