Whiteboard Wednesday:

Securing Your Voice-Controlled Devices

October 10, 2018

For National Cybersecurity Awareness Month, Kwan Lin, Senior Data Scientist at Rapid7, gives some tips and tricks on how to properly authenticate your voice-controlled devices, such as the Amazon Echo, in order to minimize privacy concerns and unauthenticated purchases. Understand how voice-controlled systems are activated, and how you can set up your device so it responds to only you.

To dive deeper, check out our blog post on managing cyber risk at home.


Video Transcript

Hi, my name is Kwan Lin, Senior Data Scientist at Rapid7, and for Cybersecurity Awareness Month, I'm here to share some useful tips on IoT security that I've picked up from our research lead, Deral Heiland. In particular, I'll share some security tips for voice-controlled systems such as the Amazon Echo. These devices provide plenty of conveniences, but they do also come with some security risks.


That's not to say that such devices should be strictly excised from your network. After all, any network device that you use, including your computer or your cell phone, comes with some degree of risk. The solution to addressing your risk concerns is to engage in appropriate risk management.

In cybersecurity, we often consider the attack surface, which represents the breadth of vectors through which vulnerabilities are exposed, and potentially compromised and exploited. Introducing an Echo inevitably expands that attack surface.

As a security-minded user, your goal should be to shrink that attack surface so that the risk of something bad happening is tolerably low. One action you could take with the Echo is to change the device's wake word. These voice-controlled devices are constantly passively listening. They're waiting for particular words to be uttered, such as "Alexa." Once the wake words are received, they then switch to an active listening mode where they're actively trying to absorb everything that's said, parse the words for meaning, and perform some sort of action based on what's understood.

This word trigger represents a point of risk. If the Echo hears "Alexa" from someone that shouldn't have control, from the phone or from a nearby television, it might act in an unexpected manner. By changing the wake word to something less common, the probability of unintentionally awakening the device is reduced. In fact, the attack surface is shrunk.

An especially irritating risk is the risk of these devices unintentionally ordering products or making payments. This risk can be mitigated with proper authentication. In security, authentication refers to proving one's identity. Theoretically, only properly authenticated individuals should be authorized to perform particular actions such as making voice purchases.

Authentication can be achieved using a few types of things: things you have, such as a physical key; things you are, in this case your voice; or things you know, such as a password.

Here we can add an authentication layer by implementing a PIN to prevent undesired purchases from being made. There's also a pervasive concern that these always-listening devices can compromise privacy, especially if they're unintentionally awoken and begin to actively listen without the present audience's awareness. This risk to privacy can be constrained with a proper communication protocol.

In information security, we often think in terms of communication protocols. Such protocols establish standards around initiating communication by one party, such as a person, acknowledgement that the initiation was received by the counter party, such as an Echo device, and then allowing the original party to begin the communication with an expectation of what the counter party might do with that communication.

We can modify the Echo such that it responds to its wake word with an audible beep. This is the device's acknowledgement to speakers that it's listening. If you have this set up, and you hear a beep, you're now warned that your dialogue is being listened to.

For more information on securing your voice-controlled devices, check out Deral's blog post on voice-controlled devices on blog.rapid7.com.

If you have any questions along the way, certainly feel free to reach out to us at research@rapid7.com.

That's it for this week's Whiteboard Wednesday, and we'll talk to you next time.
