LP Pain Points – Issue #3 – Too Smart Speaker

LP Pain Points discusses issues that keeps those in the loss prevention industry up at night. Each month we will examine topics and areas of concern that have been brought to our attention by retailers, industry professionals and publications. Within our common goal of reducing shrink, we can often lose sight of what is truly important. Consumer experience is the ultimate driver of overall profitability and sustainability for the retailer. While this is not new or profound insight, it often gets lost in the day-to-day discussions about what happened, what’s been lost, who’s to blame and what we are doing to combat it.

Too Smart Speaker

The smart home seems to be more and more commonplace. As I sit at my kitchen bar writing this edition, I think about all the devices that can be remotely accessed and controlled via a virtual assistant in my own home. Whether it’s “OK Google^TM, how big is the moon,” “Alexa^TM,  play Kung Fu fighting,” or “Hey Siri®, call Boo,” digital assistants have become part of our lives. They keep us organized, connected, informed and on track. All great, right? Well almost… What about that smart speaker? You know, the one that may just be a little too smart? Technology is great, but in these changing times, it’s paramount that patches are installed, updates are current and security measures are in place, especially since many of us are working outside the comfort and security of our organizational networks.

So how do we enjoy the convenience of technologies such as smart speakers while also ensuring the security of our information? Recently I read an article published by Navy Federal Credit Union that focused on “8 Ways to Secure Your Smart Speaker”. The article was brief but to the point.

1. Be selective about what you connect.

Smart speakers can act as hubs for other devices in your home such as your lights, thermostat and television. But you might want to think twice before extending this convenience to your front door or security camera. By connecting security devices to your smart speaker, you leave these devices more open to vulnerabilities, potentially raising the chances of your systems being hacked or exploited. Limit potential vulnerabilities by setting devices to update automatically, ensuring that they’re running on the most current software version.

2. Don’t share sensitive information.

Digital assistants record anything after their respective command phrase is said (such as “OK Google”) and send it to a server to parse the data and answer your request. Your voice recording can be stored for months or even years, which helps improve your results, but is also a privacy risk. To avoid the potential threat of having your voice data hacked or mined for passwords, credit card details or other sensitive information, take care not to share sensitive information and make sure to delete past recordings.

3. Strengthen your network security.

What type of wireless network is your smart speaker connected to? Check the settings of your Wi-Fi router and make sure you’re using password protected WPA2 security, the most secure encryption method widely available. Never rely on default passwords—instead, set custom passwords for your router and Wi-Fi network that follow recommended password guidelines, using a combination of upper and lowercase letters, numbers and special characters. If possible, set up a guest Wi-Fi network for unsecured devices to help contain potential security exploits. Use strong passwords for the associated Amazon, Google or Apple accounts as well, opting to use multi-factor authentication if possible.

4. Restrict purchasing access.

The viral stories of toddlers using smart speakers to purchase expensive toys can be humorous, but there’s also a lesson to learn. To prevent rambunctious children, prankster friends or malicious strangers from making purchases with your smart speaker, set up a purchase password and keep it a secret.

5. Turn off personalized results.

Your smart speaker may provide an option to give specialized results from your email, calendar, contacts or shopping list. Limit access to this data by turning off “personal results” or an equivalent feature on your device.

6. Enable voice recognition.

Some smart devices provide support for voice recognition, meaning they can identify if a voice is yours or not. Turn this feature on so your digital assistant will limit personal data and purchase power to your voice.

7. Keep an eye on your email inbox.

If a purchase is somehow made on your device that you didn’t authorize, a notification email should be waiting in your inbox to inform you. From there, you can take steps to cancel the order.

8. Mute the microphone.

Not currently using your smart speaker? Mute it. Muting between uses can stop your smart speaker from turning on when it mishears something as its wake command. This can prevent accidental and malicious recordings.

As security industry professionals, it’s important that we not only stay up to date on the latest threats, but also the potential ones. PPS is committed to this initiative, and in turn through our efforts, we are better prepared and equipped to support both our organization and the clients we are privileged to work with.

NOTE: The above article was an excerpt from NFCU’s “8 Ways to Secure Your Smart Speaker” with modifications made by Product Protection Solutions (PPS). It is intended to provide general information and shouldn’t be considered legal, tax, or financial advice.