Tips from the Experts: CES Spreads Awareness of Smart Device Safety

Cybersecurity experts discussed how to safeguard "always-on" devices such as Amazon’s Echo and Apple’s iPhone.

by Adam Candee, Las Vegas Sun / January 6, 2017

(TNS) -- Hey Siri, did you tell Alexa what we talked about last night?

This is not sample conversation from the latest episode of "The Bachelor." Within the “internet of things” that connects everything from our phones to our refrigerators, people talk to their devices to access a world of information and convenience. Your device listens when you talk to it — and when you don’t.

Cybersecurity experts discussed Thursday at a series of panels at CES a range of topics, including how to safeguard "always-on" devices such as Amazon’s Echo and Apple’s iPhone.

“For the first time, people are starting to think about: There’s all this data going to a third party,” said Zulfikar Ramzan, chief technology officer for RSA Security.

The microphone on an Echo, for example, listens for a voice command at all times. Unless it hears a "wake word" such as Alexa or Amazon, the device does not transmit any information, according to the company. When one of those words is detected, an encrypted query goes out to Amazon.

What happens to that information when it is transmitted also generates concern among industry officials and cybersecurity experts.

“The amount of data all these devices are collecting is mind-boggling,” said Craig Spiezle, founder and president of OTA Alliance, and a former Microsoft executive. “That’s one of the things we sit down with developers and talk about is, what are you doing with all this data? Maybe Alexa should hold that data and it’s discarded after a day.”

Users also can go to an Amazon website to delete individual pieces of information collected by an Echo or similar machine. Many consumers might not know this and other information about how to customize the devices that increasingly automate small facets of their lives.

“You’ve got to tell us what the risks are; you’ve got to give us the ability to opt-out if needed,” Ramzan said. “Alexa doesn’t need to always be listening and transmitting data back to Amazon.”

Suzanne Spaulding works for the National Protection and Programs Directorate, a division of the Department of Homeland Security dedicated in part to cyber infrastructure. Spaulding walked the floor at last year’s CES and quizzed exhibitors displaying the latest in consumer devices about visitors to their booths.

“’Has anyone asked you about cybersecurity?’” Spaulding asked exhibitors.

“They mostly gave me blank looks,” Spaulding said. “I just arrived (this year), but I’m anxious to do the experiment again. Consumers are waking up to the risks here, not just that their device will harm them, but that it will harm others.”

Spaulding emphasized the need for developers to incorporate security at the beginning of their design process, creating devices that can handle today’s threats and later be patched to deal with new exposure. Hackers have commandeered smart refrigerators and other appliances within the internet of things, exposing the vulnerability of devices meant to create convenience and save time.

“We’ve been increasingly focused on the internet of things, health data, wearables,” said Ben Rossen, an attorney with the Federal Trade Commission.

One of the central trends at this year’s consumer technology tradeshow is the rise of vocal computing. Industry analysts already see a shift from the more traditional graphical user interface (GUI), such as pushing an icon on your smartphone to access an app, to the use of voice as a primary means of control. In 2016, 2.9 million home robots like Echo and Google Home were sold. That number is expected to grow to 5 million within the next four years.

The overall "smart home" industry, including connected home appliances and even light bulbs, generated $25 billion in revenue in 2016.

©2017 the Las Vegas Sun (Las Vegas, Nev.) Distributed by Tribune Content Agency, LLC.