This story began with a local news report. The anchor was talking about the latest pileup to strike the Midwest. Thirty-eight vehicles had been blinded by snow and collided on the I-94 freeway in Michigan. Thankfully, no one was injured. But this story is not about the crash, and it’s actually sort of a funny story. Every time the anchor replied to the reporter Alexa, it activated my Amazon Echo.
The Amazon Echo is the new virtual assistant that is running Alexa. It is an amazing device that you can instruct to play music or order products from Amazon. In order to manipulate it; all that you have to say is “Alexa,” followed by a command. For example, you could say “Alexa, please order me dark chocolates for my girlfriend.”
For me, this unintentional activation sparked my curiosity and I wanted to know more. This must have happened to others. After some investigation I discovered the full list of commands for Alexa. It turns out that with compatible smart home features, you can order your Amazon Echo to unlock your doors. This upgrade only needs a $180 smart lock upgrade on top of your Echo. Then you only need to say “Alexa, unlock the front door.”
You’d be surprised to learn that Amazon never built Alexa to identify the consumer and Echo doesn’t care where the orders come from. It turns out that there is very little preventing Echo from taking orders from anyone. Your only insulation is the doors and walls of your house. There is a report on the security dangers and it outlines the new risks of vocal security.
At the moment there is really no countermeasure to the bug, short of turning off Echo. You could rename the Amazon Echo, but it won’t prevent a snooping criminal from listening in. You also couldn’t add a passcode to the Echo, for the very same reasons. One possible solution to this flaw is for Amazon to code in biometric vocal identification. This feature is not available right now, and it might take years to come online. As it stands right now, the technology still struggles with false positives or false negatives. This problem will not be resolved anytime soon because you can easily synthesize people’s voices with Adobe VOVO.
There will always be a cost to innovation. New user experiences routinely open up new forms of hacking. Luckily for entrepreneurs, there might be a solution. In the last decade machine learning has made great strides. Today it routinely analyzes your viewing habits to recommend shows. The technology works by recognizing patterns in data. The development of this software is usually a very expensive endeavor because engineers need very specialized training.
This is slowly changing with the efforts of startups. One company, Workfusion, is developing their RPA Express tool as an interface for training computers, and there are others. The Echo software could be trained to only respond to a user that shows specific behaviors, like the homeowner. It is only a matter of time before this venerability costs Amazon customers millions. Entrepreneurs could earn millions solving this problem.