The Security Risks Of Smart Speakers

  • Home
  • Blog
  • The Security Risks Of Smart Speakers

Executive Summary

The IoT, or Internet of Things, encompasses everything connected to the internet, but is increasingly used to describe objects that communicate with one another, from smartphones and smart watches, to smart TVs, smart kitchen appliances and smart speakers. However, it doesn't stop there, as the race to connect everything to the internet continues - at present, there are over 27 billion devices connected to the internet.

The rise of smart speakers

IoT’s popularity is thanks to how easy it is to manage day-to-day tasks or make your home more automated when your devices can connect together and share data. For example, when your alarm goes off in the morning, you can program your lights to come on at that time or your coffee machine to start brewing, and even program your heating to turn on when you're a certain distance away from home. The possibilities are nearly limitless, although this enormous advancement in technology understandably comes with increased concerns about personal data privacy and security.

Let's talk about smart speakers. The main players are Amazon Echo, Google Home, and Apple HomePod, but there will be even more in the near future. A smart speaker is simply a speaker that’s connected to the internet and has a built-in voice assistant system such as Alexa, Google, Cortana, Siri, or Bixby.

Thin clients, or ‘dumb terminals’ capable of accessing a remote desktop, fall under the scope of the scheme when connecting to your organisation’s data or services.

There's nothing easier than saying, "Alexa, play Radio 1," or, "Alexa, turn on the lights," but everything you say to your smart speaker is recorded, but that’s not all. For your smart speaker to work properly, it has to be listening all the time, waiting for a wake up command such as "Alexa," or "OK Google." If it wasn’t, then it wouldn’t hear any of your commands. So does this mean everything you say around your smart speaker is being recorded? The answer is yes, despite manufacturers' claims to the contrary.

What are they listening to?

The way that the three major smart speaker manufacturers (Amazon, Google, and Apple) use these recordings has drawn scrutiny and attention. It has been revealed that employees at Amazon, Google, and Apple listen to smart speaker recordings in order to improve their voice recognition algorithms. Users have since reported dropping their voices during conversations to prevent their smart speaker from listening in, while others have gone as far as moving their smart speaker to another room, or turning it off entirely, to avoid being spied on.

In 2019, Amazon employees who transcribe and analyse Alexa recordings reported hearing recordings that were intimate and private, as well as some that raised suspicions of criminal activity. In the same year, some of Google's recordings, including secret and private information such as medical and commercial information, were released. According to reports, 153 of these leaked recordings were made without the wake up instruction, such as “Hey Google,” ever being said. Following the Google leak, an Apple employee also reported hearing recordings of personal information, sexual acts, and drug dealings.

Turning off active listening is the simplest approach to preserve your privacy, but you'll have to turn it on again if you want to use voice commands. If you don’t want your smart speaker constantly listening to you, or if you just want to have a private conversation without Alexa or Siri eavesdropping, this might be your only option. Here’s how to do it:


To disable active listening on your smart speaker, press the microphone mute button, which is normally located on top of the device and looks like a microphone with a line through it. Once pressed, the light should turn red and the device is no longer listening to voice commands. You can also prevent Amazon from manually reviewing recordings by: opening the Alexa app, looking for the menu located in the top left corner of the screen, selecting the ‘Settings’ option, selecting ‘Alexa privacy’, selecting ‘Manage how your data improves Alexa’, switching off the toggle next to ‘Help improve Amazon services and develop new features’, and then switching off the toggle next to ‘Use messages to improve transcriptions.’


To disable active listening on your smart speaker, press the microphone mute button, which is either located at the back or on the side of the device, depending on which model you have. You can also prevent any of your recordings from being saved on the Google server by: opening the Google Home app, selecting the ‘Accounts’ tab, selecting ‘Manage your Google account’, selecting ‘Manage your data & personalisation’, selecting ‘Voice and audio activity, and switching the toggle to off.


This smart speaker doesn’t have a physical button to mute the microphone, but Apple says you can turn off active listening by using the voice command, “Hey Siri, stop listening.” The smart speaker will then be unresponsive to any voice commands except for the one to resume active listening, which is “Hey Siri, start listening.” You can also disable active listening through Apple’s Home app. Open the app, select the ‘Rooms’ tab at the bottom of the screen, swipe to the room that contains your HomePod, press and hold the HomePod icon, and then toggle the switch for ‘Listen for Hey Siri’ to off.

Smart speakers have come a long way since the first one was released, getting better at simplifying everyday life and granting more and more access to all the information you could ever need on the internet. It’s no surprise they’ve become so popular! The only downfall, though, is that having one can mean handing over your privacy and security to big businesses. If you’re worried about your data falling into the wrong hands, then don’t hesitate to get in touch with our team of cyber security experts to see how we can keep you and your home secure.

Would you like to talk to us and find out more about our services?

Please fill in the form below and one of the team will get in touch.