This Popular Device Could Be Putting Your Family at Risk, Study Finds

Many people use this item in their home, but it may harbor huge security flaws.

Your home should be a safe spot for you and your family. Over the years, however, you've likely accumulated more and more technology within your household to make things run smoothly, and not everything you bring into your home is keeping you protected. In fact, a new study has found that one popular device you might have at home could be putting your family at risk. Keep reading to find out about this major security problem, and for more potential dangers at home, If You're Using This to Relax, the FDA Says Stop Immediately.

A study says that Alexa majorly runs on third-party programs.

Couple sitting behind a coffee table, installing virtual assistant.
iStock

A study published March 4 from North Carolina State University says that Amazon uses third-party programs, called "skills," for Alexa to allow people to do many different things, from listening to music to ordering groceries. There are more than 100,000 skills users can choose from, the majority of which are created by third-party developers. Unfortunately, these third-party skills introduce multiple issues that could put a user's safety at risk.

"When people use Alexa to play games or seek information, they often think they're interacting only with Amazon," Anupam Das, co-author of the paper and an assistant professor of computer science at North Carolina State University, explained in a statement. "But a lot of the applications they are interacting with were created by third parties, and we've identified several flaws in the current vetting process that could allow those third parties to gain access to users' personal or private information." And for more on daily peril, This Is the Most Dangerous State in America.

The researchers found several security flaws within these third-party programs.

Rome, Italy, june 2020. Personal assistant Alexa in office business room, artificial intelligence help for trading online and live stock quotes news
iStock

The researchers used an automated program to collect and review more than 90,000 skills from seven different skill stores. In the study, they found that skill stores display the name of the developer who created them, but Amazon doesn't vet this. In other words, anyone could claim to be a trustworthy developer and then engage in phishing attacks. The researchers in the study were able to successfully register skills under developer names such as "Microsoft," "Samsung," "Ring," and "Withings," even though they had no association with these companies.

The researchers also found that Amazon allows multiple skills to be activated by the same requested phrase. "This is problematic because if you think you are activating one skill, but are actually activating another, this creates the risk that you will share information with a developer that you did not intend to share information with," Das said. "For example, some skills require linking to a third-party account, such as an email, banking, or social media account. This could pose a significant privacy or security risk to users." And for more up-to-date information, sign up for our daily newsletter.

According to the study, the privacy protections Amazon currently has are inadequate.

Photo series of an adult man working at the home office during a lockdown. Shot in Berlin.
iStock

According to the researchers, even some of the privacy protections Amazon has in place are flawed. The company requires that any skill requesting personal data—including location data, full names, and phone numbers—have a publicly available privacy policy that explains why they want that data and how they will use it. But according to the study, 23.3 percent of 1,146 skills they assessed that requested access to privacy-sensitive data either had no privacy policies or had privacy policies that were misleading or incomplete. The results were even worse for skills directed at kids, as only 13.6 percent of these provided privacy policies. And for more Amazon news, You Could Get Banned From Amazon For Doing This Common Thing.

The researchers say there are ways Amazon can make Alexa safer for users.

Happy young woman controlling smart home devices with a voice commands and smart speaker at home. Concept of a smart home and managing wireless devices remotely
iStock

According to the researchers, the study shows that "while Amazon restricts access to user data for skills and has put forth a number of rules, there is still room for malicious actors to exploit or circumvent some of these rules." By their account, Amazon has plenty of improvements to make to keep Alexa users safer. One of the suggestions researchers make is that Amazon notify users through a visual or verbal indicator when they are interacting with a third-party program. They also recommend that Amazon validate developers and provide a privacy policy template for skills to fill out. And for more things to be wary of in your home, If You're Making Your Dinner in This, Stop Right Now, Experts Say.

Kali Coleman
Kali is an assistant editor at Best Life. Read more
Filed Under
 •  •  •