WEBVTT - Here's How Alexa Spied on a Couple

0:00:04.640 --> 0:00:07.320
<v Speaker 1>Just how did Alexa record a conversation and send it

0:00:07.360 --> 0:00:09.799
<v Speaker 1>to a contact? What's going on? I'm Rich Damiro. This

0:00:10.039 --> 0:00:12.320
<v Speaker 1>is rich on Tech Daily. It's one of the biggest

0:00:12.320 --> 0:00:15.200
<v Speaker 1>setbacks yet for smart speakers. A new story out of

0:00:15.240 --> 0:00:19.280
<v Speaker 1>Seattle that and Alexa secretly recorded a couple's conversation then

0:00:19.400 --> 0:00:21.760
<v Speaker 1>sent it to one of their contacts. So how did

0:00:21.760 --> 0:00:24.119
<v Speaker 1>this happen? Let's break it down like you. When I

0:00:24.160 --> 0:00:27.080
<v Speaker 1>first heard about the story, I was intrigued. The headlines

0:00:27.120 --> 0:00:31.480
<v Speaker 1>says it all woman says her Amazon device recorded private conversation,

0:00:31.760 --> 0:00:34.440
<v Speaker 1>sent it out to a random contact. Then I watched

0:00:34.440 --> 0:00:36.320
<v Speaker 1>the segment, which was done by a local news station

0:00:36.400 --> 0:00:39.080
<v Speaker 1>in Seattle, and I was kind of confused. I really

0:00:39.159 --> 0:00:42.120
<v Speaker 1>wanted to know how this could happen. The statement Amazon

0:00:42.159 --> 0:00:44.559
<v Speaker 1>gave the station was pretty light on facts, but then

0:00:44.600 --> 0:00:46.400
<v Speaker 1>the big blogs picked up on it and they got

0:00:46.400 --> 0:00:49.400
<v Speaker 1>a better statement from Amazon, which said Echo woke up

0:00:49.520 --> 0:00:51.840
<v Speaker 1>due to a word in the background conversation that sounded

0:00:51.880 --> 0:00:55.600
<v Speaker 1>like Alexa. Then they heard send a message request, at

0:00:55.640 --> 0:00:58.760
<v Speaker 1>which point Alexa said to whom, to which the background

0:00:58.760 --> 0:01:01.680
<v Speaker 1>conversation was interpreted as a name in the contact list.

0:01:02.080 --> 0:01:05.480
<v Speaker 1>Then Alexa said the customer's name out right, Alexa interpreted

0:01:05.480 --> 0:01:09.640
<v Speaker 1>in another background conversation as right and as unlikely as

0:01:09.680 --> 0:01:12.640
<v Speaker 1>this string of events is, said Amazon, we are evaluating

0:01:12.640 --> 0:01:16.160
<v Speaker 1>options to make this case even less likely. All right?

0:01:16.240 --> 0:01:18.520
<v Speaker 1>So what that all means? The issue stems from a

0:01:18.560 --> 0:01:22.559
<v Speaker 1>feature on the Echo called Alexa Calling and Messaging, which

0:01:22.600 --> 0:01:25.480
<v Speaker 1>means you can send voice messages to others who use

0:01:25.720 --> 0:01:28.759
<v Speaker 1>messaging with Alexa on their Echo. So how does that

0:01:28.800 --> 0:01:31.480
<v Speaker 1>work well? For starters? When you open the Amazon Alexa

0:01:31.520 --> 0:01:33.679
<v Speaker 1>app on your phone for the very first time, it

0:01:33.800 --> 0:01:35.840
<v Speaker 1>asks you if it can have access to all of

0:01:35.880 --> 0:01:39.640
<v Speaker 1>your address book contacts. Most people just say yes, and

0:01:39.680 --> 0:01:42.920
<v Speaker 1>when you do, Alexa imports all of your contacts. This

0:01:43.000 --> 0:01:45.559
<v Speaker 1>makes it easy for her to send messages or place

0:01:45.600 --> 0:01:49.160
<v Speaker 1>a phone call using Alexa as a speakerphone. According to

0:01:49.200 --> 0:01:51.600
<v Speaker 1>Amazon support page, to send a message to someone in

0:01:51.640 --> 0:01:55.000
<v Speaker 1>this case, this recorded private conversation, here's what you say.

0:01:55.440 --> 0:01:58.400
<v Speaker 1>You say, Alexa send a message to the contacts name.

0:01:58.680 --> 0:02:00.960
<v Speaker 1>If the name is similar to other contacts in your

0:02:01.000 --> 0:02:03.360
<v Speaker 1>address book, Alexa will repeat the name back for you

0:02:03.400 --> 0:02:06.080
<v Speaker 1>to confirm. Once you confirm the name, Alexa prompts you

0:02:06.120 --> 0:02:09.000
<v Speaker 1>for the message. When you finish talking Alexa sends your

0:02:09.080 --> 0:02:11.600
<v Speaker 1>voice message. Now, I tried this on my Echo and

0:02:11.639 --> 0:02:13.639
<v Speaker 1>realized a big part of this is that the person

0:02:13.680 --> 0:02:15.560
<v Speaker 1>on the other end also has to have an Echo

0:02:15.600 --> 0:02:17.880
<v Speaker 1>with the messaging feature enabled. In this case, it was

0:02:17.880 --> 0:02:20.240
<v Speaker 1>an employee of the husband in the couple, So I'm

0:02:20.280 --> 0:02:23.200
<v Speaker 1>guessing they mentioned this person's name or something that sounded

0:02:23.240 --> 0:02:26.399
<v Speaker 1>like his name. Alexa tried to confirm. The couple didn't notice,

0:02:26.600 --> 0:02:29.680
<v Speaker 1>said something that Alexa construed as a confirmation, went on

0:02:29.800 --> 0:02:32.760
<v Speaker 1>with their conversation. Alexa recorded it, then sent it off

0:02:32.760 --> 0:02:34.880
<v Speaker 1>to the guy, who then called the couple and said,

0:02:34.919 --> 0:02:37.320
<v Speaker 1>you're being hacked. Now, a lot of things did go

0:02:37.440 --> 0:02:39.680
<v Speaker 1>wrong here for this particular case to happen, but the

0:02:39.720 --> 0:02:43.400
<v Speaker 1>bottom line is this Alexa with all smart speakers, they

0:02:43.400 --> 0:02:46.040
<v Speaker 1>mishear commands all the time. I see my Google Home

0:02:46.080 --> 0:02:48.400
<v Speaker 1>slide up when I'm not saying the hot word. But

0:02:48.440 --> 0:02:50.880
<v Speaker 1>there's also a bigger problem here. You would think that

0:02:50.960 --> 0:02:53.280
<v Speaker 1>to prevent this from happening in the future, you would

0:02:53.360 --> 0:02:56.480
<v Speaker 1>just be able to disable the messaging feature completely, or

0:02:56.520 --> 0:02:58.519
<v Speaker 1>if you can't do that, delete the contacts out of

0:02:58.560 --> 0:03:01.280
<v Speaker 1>your Alexa app so Alexa can't call them or message them.

0:03:01.280 --> 0:03:04.600
<v Speaker 1>But guess what. You can't do either of these things easily.

0:03:04.800 --> 0:03:07.720
<v Speaker 1>To disable the messaging feature or delete your contacts off

0:03:07.760 --> 0:03:11.280
<v Speaker 1>Amazon servers. Both of these things require a phone call

0:03:11.400 --> 0:03:14.280
<v Speaker 1>or at least a chat with Amazon's customer service team,

0:03:14.560 --> 0:03:17.880
<v Speaker 1>and that is the real problem here. Once Alexa imports

0:03:17.880 --> 0:03:20.200
<v Speaker 1>your contacts, you really can't pry them out of her

0:03:20.280 --> 0:03:23.560
<v Speaker 1>virtual hands. Amazon needs to change this asap, and I

0:03:23.600 --> 0:03:26.480
<v Speaker 1>assume they're going to do that very soon, or at

0:03:26.520 --> 0:03:29.120
<v Speaker 1>least give people some sort of easy way to toggle

0:03:29.160 --> 0:03:32.600
<v Speaker 1>messaging with Alexa on and off. Some mistakes like this

0:03:32.760 --> 0:03:35.640
<v Speaker 1>don't happen again. Thanks so much for listening to the podcast.

0:03:35.680 --> 0:03:37.560
<v Speaker 1>If you like what I'm doing here, please leave me

0:03:37.600 --> 0:03:40.800
<v Speaker 1>a review in the Apple Podcasts app. That way more

0:03:40.840 --> 0:03:43.839
<v Speaker 1>people discover the podcast. I'm Rich Tamiro. You can find

0:03:43.840 --> 0:03:45.480
<v Speaker 1>links to everything I talk about here. Plus, if you

0:03:45.520 --> 0:03:48.800
<v Speaker 1>want to see my video demo of the Alexa messaging feature,

0:03:49.080 --> 0:03:52.160
<v Speaker 1>just go to richon tech dot tv. I'm Rich Samiro.

0:03:52.320 --> 0:03:53.560
<v Speaker 1>I'll talk to you real soon.