Some scary-sounding news of an un-patchable vulnerability in the Echo has the internet in a panic today, so rather than Alexa Fast Tips today’s post is here to reassure you that these click-baity stories don’t mean you need to worry about Echo hacking.
They’re Saying Hackers Can Use My Echo To Bug My House!
The nerve-jangling headlines and summaries breathlessly report it’s possible for hackers to use your Echo device to eavesdrop on you without your knowledge. Possible, yes. Easy to do? No. Likely to happen? No. Per Ars Technica:
To be clear, the hack works only against older models of Amazon Echoes. It also requires physical access to the device by a hacker with above-average skills in Linux and embedded hardware systems. That means people aren’t likely to be exposed to such attacks unless they own a 2015 or 2016 device and are a target of interest to the Central Intelligence Agency, a similar nation-sponsored spy group, an advanced corporate espionage operation, or a highly determined stalker.
Ars also reminds readers that pressing the button on top of the device will mute the microphones. If you want to read more about how a Linux whiz could accomplish this hack, read the full Ars Technica article here.
Basic Precautions Against Non-Hacked Access To Your Alexa Devices
While the type of attack that’s all over the headlines today isn’t likely to happen, it’s important to remember that your Alexa devices are connected to your WiFi and Amazon accounts, and that’s reason enough to take some basic precautions.
1. Set a PIN for Alexa purchases. This is especially important if you have children, untrustworthy roommates, or houseguests. Essential if you ever sublet your home on services like AirBnB.
2. Take your cell phone’s security seriously. Remember that the Alexa app offers access to many of the same functions you use on the device itself, as well as being linked in to your Amazon account. If you’ve enabled Alexa messaging, the Alexa app will contain names and phone numbers for at least some of your contacts and–depending on permissions you’ve set–could provide “Drop In” access to your Alexa devices. Set a lock screen PIN, and don’t leave your phone just lying around where strangers or people you don’t know well could access it.
3. If you’ve enabled Alexa messaging, periodically check your Alexa contacts list in the Alexa app. People are automatically added to your Alexa contacts list when: 1) they’re in your contacts list and 2) own at least one Alexa device and 3) have enabled Alexa communications with their own device.
That means the contacts list you saw in the Alexa app when you initially set up Alexa communications is subject to change at any time. Blocking contacts you don’t want to have access to communicate with you via Alexa is easy enough to do in the Alexa app, but you have to know they’re there in the first place. It’s not like Alexa gives you a heads up every time a new contact is added.
4. If you have smart home devices linked to your Alexa devices, don’t leave any of them near windows, on patios, in the garage, or anywhere else where passers-by or neighbors might have access to it when you’re not around. Whether it’s prankster neighborhood kids having fun turning your lights, TV and thermostat off and on, or thieves trying to open your Garageio door, unwanted access to your Alexa devices can end badly.
A few simple, common sense steps are all that’s needed to keep your Alexa devices secure at this point.