Google Home, Amazon Echo or Hive: How safe is your data?

Cybersecurity: Are you forgetting something? *Cough, Internet of Things*

Features / Google Home, Amazon Echo or Hive: How safe is your data?

Google Home, Amazon Echo or Hive: How safe is your data?

Google Home, the always-listening voice-activated speaker was launched in the UK last week. On sale from tomorrow, 6 April, the diminutive home butler is powered by Google Assistant and is able to answer questions on a wide range of subjects, play music at command and also control your smart home products. It can also hail a taxi for you.

However, it's inception and launch has not been without controversy. When Google Home was first announced, security experts were concerned about it being connected to one email address, making it easy for visitors and intruders to activate and access sensitive data. Infact, it wasn't just Google who were asked difficult questions about it. Amazon's Echo works on the same principle and has raised questions on the safety of homes with a gateway with effectively no security on it. In fact, late last year, Philips Hue connected lightbulbs were remotely controlled via drones using easily available kit.

Smart Home products have always been on shaky ground in the security stakes anyway. Manufacturers are in a rush to get them to market and they usually boast of almost no security features that are robust enough to ward off serious attacks. And with the proliferation in 'connected' products and controllers, making sure that they hold up to all checks and measures is increasingly painful and unregulated. Most devices rely on security that's baked into the the wifi connection they use. And as Raj Samani, Chief scientist at McAfee says, that's no security at all: 'We bought a router and plugged it in. Do you know how long it took for it to get hacked? 60 seconds!'

'The need for a secure home gateway now is greater than it's ever been.'

A matter of life and death: Why the IoT needs an urgent security check-up

So when Google launched Google Home, together with its mesh-networked Google Wifi, they were ready for questions and doubts. However, their security measures will make cyber security experts cringe.

Turns out that Google advice against placing Google Home in public areas of your home. However, if you still go ahead and place it in your living room or kitchen, they ask that you put Google Home on 'mute' and do not allow Home to read emails or share calendar.

Anyone in your home can ask about information that you have made available to Google Home. To prevent others from accessing private information such as reminders and calendar entries from your Google Home, you can turn off Personal results in the Google Home app. This can be set device-by-device, so you can give a Google Home in your bedroom different access to your information than a Google Home in your kitchen.  

Many of us would think that's not robust enough security. It is akin to asking people not to show off their jewellery or to stick it in a safe when going out of the house. However, other smart home manufacturers are also guilty of similarly lax security measures.

On its website, Amazon says: “You can delete specific voice recordings associated with your account by going to History in Settings in the Alexa App, drilling down for a specific entry, and then tapping the delete button. Or, you can delete all voice recordings associated with your account for each of your Alexa-enabled products, by selecting the applicable product at the Manage Your Content and Devices page at www.amazon.com/mycd or contacting customer service.”

However, Rashmi Knowles RSA's chief security architect for EMEA doesn't think it is enough: “There is a big move with having things like Hive in your house, [which if hacked could] set someone’s house on fire,” Knowles says, noting that vulnerabilities found even in big-brand IoT products like Philips’ Hue lights could put consumers at risk. “I think there are lots of examples where it has been shown there is a threat.”

One area that both Knowles and Samani agree on is that hospitals could be at greatest risk of cyber attacks that piggyback on unsecured IoT devices to get patient data. 'If you could hack in, you could kill them,' Knowles said.

However, the fear that installing smart home devices in our homes is the same as inviting Big Brother in can never go away. They, however, have their advantages. Police have asked Amazon for recorded data off an Amazon Echo speaker that could help with solving an Arkansas murder case.

Every cloud, eh?

The following two tabs change content below.
Sunetra is a highly experienced technology journalist. Before joining TEISS.co.uk, she ran Mobile Choice magazine and MobileChoiceUK.com. She was also a judge on the BBC's Phone Shop Idol TV documentary series.

Comments

Get the latest cyber news in your inbox

Join our community of cyber professionals today!