Voice assistants are everywhere. They are in smartphones, televisions, vacuums, kitchen appliances, and doorbells, and most of them are managed through your smartphone or tablet. These digital devices help make our lives easier and manage everyday tasks, like turning on and off lights, ordering food, and providing directions. In some cases, reading news, emails, calendar events, sending reminders, and making phone calls, and it is all done by using your voice. How many voice-controlled devices do you use to make your life easier? Given the popularity of voice-activated devices, I'm sure you have several. While you are counting, don't forget to include TVs and remote controls.

Voice-activated devices are ready to assist as soon as those "magic" wake-up words "Okay Google," "Hey Siri," "Hey Alexa," or others you may create are spoken. These "wake up" words are programmed into the devices, so the devices start listening and recording once they wake up. And nowadays, voice-enabled devices are getting smarter by the minute, thanks to those fueled by Artificial Intelligence (AI) technologies. Voice assistants use AI-powered speech recognition to provide voice or text support to discover and recommend activities and calendar reminders – if you grant the device access to the information needed to carry out these functions.

Though voice-activated devices offer great conveniences and are fun, they should be used with caution. Once the device has power and is set up on your home Wi-Fi network, it's ready to be activated and record what you ask or command. Just like any other smart home gadget, voice-enabled devices connected to your home network are at risk of being hacked. They come with the added risk that if hacked they can be used to eavesdrop on you. Also, be careful not to activate them accidentally, because voice recordings sometimes are sent to and stored on a technology companies' cloud server. Luckily, some companies are now storing voice recordings on your devices, allowing you the option of deleting recordings yourself.

How Voice-Activated Devices Work

Generally, your voice request is processed, analyzed (by computers and sometimes humans), and a response is transmitted back to the user. Granted, most of the information collected may not be sensitive, but, it could be if, for instance, you are discussing sensitive business that involves Personally Identifiable Information (PII).

1.      Once you say the "magic words" (or, in some cases, something similar), the device activates and is ready to start recording your question or command.

2.      The voice-controlled device will analyze the request and determine if it can handle it or if your recorded request needs to be sent over the internet to its database that houses pre-existing words and phrases to look for a response.

3.      Then the database sends back to the voice-enabled device the response to your request.

4.      In some cases, the device might seek clarification from you before carrying out the request.

5.      The voice-controlled device carries out the request.

How to Reduce Top Privacy Concerns

This may sound simple, but the best and most effective way to protect your voice-enabled devices and your privacy is to disable them. Yes, simply go to your Settings for the device and turn the device off when it is not needed. It's as simple as toggling that on/off switch to "off" when you don't need to use the device. To disable a voice assistant, unplug it. When you can't disable voice-enabled devices, it's important to understand how to enable safety features, primarily through your phone and tablet. Let's take a look at how these devices can be manipulated by cybercriminals, and what you can do to reduce your risk of a privacy violation.

EAVESDROPPING—A couple using a voice-activated home assistant accidentally recorded their private conversation, and it was sent to a member in their contact list. This incident illustrates not only the importance of remembering what voice-activated devices you have turned on in your house, but also the importance of knowing what permissions you have enabled on these devices. In this case, the couple allowed their device to have access to their contacts!

What if the recorded conversation was work-related, involving a person's Personally Identifiable Information (PII)? This incident might have been a privacy breach and a violation of their organization’s Rules of Behavior because we all have the responsibility to protect personal information, irrespective of where we work. The other concern is voice-enabled devices can be hacked and used as listening devices. If you chose to use a Bluetooth enabled device like ear buds to communicate to your voice assistant, the device can become vulnerable to a Bluetooth attack.

Best Practice—One of the ways to keep your voice-recognition device from listening and/or recording you (with or without your knowledge) is to go to your Settings and turn the microphones off when not in use – particularly during work hours. Simple, right? You can always turn it back on when needed.

REMOTE TAKEOVER—According to the experts at Washington University, ultrasonic waves can be exploited for nefarious intent to remotely take over a voice-enabled device, called a "Surfing Attack." Using sound waves whose frequencies are inaudible to the human ear, and unknown to the device owner, a cybercriminal can transmit the waves through solid surfaces to active voice-enabled devices. With some additional hardware, cybercriminals can hear the device's response, allowing an attacker to take control of your voice-controlled devices (like a cell phone) without having to be in the same room. This may sound like something out of a spy novel, but it isn’t, it is very real. Consider if a hacker used this scheme on your cell phone, and they could make phone calls, send and read messages, take images, add or alter calendar events, and, worse, download malware?

Best Practice—To reduce the chances of being susceptible to this attack, place voice-enabled devices on a "soft, woven fabric" such as a tablecloth, in order to block these soundwaves. When out and about, try to keep your cell phone in your pocket (that is, if it can fit), or place your phone in a thicker cell phone case.

REMOTE ACTIVATION—Be sure your voice-enabled devices are designed with privacy or security in mind. Some lack authentication and verification mechanisms that can allow a cybercriminal to remotely activate your device. Due to the lack of user authentication controls, hackers can manipulate voice assistant devices by remotely injecting malicious inaudible and invisible commands into the device's microphone. This attack can be orchestrated through glass windows or doors over significant distances using a laser beam pointed at the voice assistant's microphone. The assistant will detect, acknowledge, and comply with whatever request is being made. You're probably thinking, so, how does this impact me? Well, consider, for example, that a digital assistant, or some other peripheral they connect to, can carry out sensitive commands such as opening smart front door locks/garage doors, shopping on e-commerce websites, and even locating, unlocking and starting certain vehicles if the car is connected to a voice assistant device.

Best Practice—Be sure you keep your device's software up to date. If possible, allow automatic updates under your Settings. Manufacturers are adding authentication and verification safeguards, such as those to learn your voice to verify that it is you activating the device. Consider setting up notifications that your voice-enabled device has been activated, and if available, go into the device Settings and set up a unique pin or security question before allowing your voice-controlled devices to execute commands and move your gadgets away from glass doors and windows. Also, create and connect your voice-enabled devices, or at a minimum your home's virtual assistant, to a separate Wi-Fi guest network. This way, if your voice assistant is hacked, a cybercriminal cannot use it to control other smart home devices.

As with any smart technology, consider the work and personal privacy implications before you start "Okay-ing” and "Hey-ing” any voice-assisted devices. Start by understanding how voice-controlled devices work and how you can guard your privacy by enabling all the privacy settings.