We may earn a commission from links on this page

Amazon's Alexa Is Not Even Remotely Secure and I Really Don't Care


Forty-eight Cadbury Creme Eggs are en route to my house and it’s all Alexa’s fault.

Alexa is incredibly useful. It gives you the weather as you stumble to the bathroom in the morning, and the news as you stumble back to your bedroom. It plays smooth jazz for your dog when you’re away and sets timers for your roommate when she’s baking. It turns off lights and it lets you order the Amazon Echo Dot with a simple request.

And today it let my roommate order forty-eight Cadbury Creme Eggs on my account. Despite me not being home. Despite us having very different voices.


Alexa is burrowing itself deeper and deeper into owners’ lives, giving them quick and easy access not just to Spotify and the Amazon store, but to bank accounts and to-do lists. And that expanded usability also means expanded vulnerability.

Devices that currently use Alexa—the Amazon Echo and Amazon Fire TV—can’t tell the difference between voices. Which means anyone who has access to your home has access to every single account you’ve linked to Alexa. Kids can reorder their favorite candy, friends can inquire about your bank balance, and roommates can waste your money on a lark.


Those risks are the cost of embracing the Internet of Things. In the pursuit of convenience we have to sacrifice privacy...and hope guests aren’t tacky enough to ask our live-in robot about our bank balance.

Apart from Alexa’s willingness to do whatever anybody asks, it’s actually fairly secure. I spoke with Robert Graham from Errata Security, a security consultant agency, and he said that as an IoT device Amazon has “done a fair job securing the device with no obvious backdoors.”


“However,” he warned, “that can easily change on their next software update.”


The real concern for a lot of people, Graham noted, isn’t security as much as it’s privacy. Alexa devices include microphones that are always on, listening. It’s like willingly bugging your own home and hoping no one tunes in.

Early last year there was a kerfuffle when Samsung admitted that their TVs were always listening and maybe always actually recording information. They even asked that Smart TV owners not say anything in front of their TVs that they wouldn’t say in public.


Alexa’s ability to listen and record isn’t quite as terrifyingly intrusive. Amazon insists that it only sends records of what it heard back to headquarters when it hears the activation command, “Hey Alexa.”

But that won’t stop a major problem that Graham foresees and Apple is currently wrestling with. Law enforcement.


“It’s likely that laws will be passed that will allow the police to remotely activate these devices and eavesdrop on suspects,” Graham says, “pretty much as described in the book 1984.”

Maybe it’s growing up with law enforcement personnel for parents, or maybe it’s because I’m painfully mindful of how boring my home life is, but I don’t especially care. Like, I’d like to. I know a lot of people who genuinely value their privacy, but I was confessing major lusts in AOL chatrooms in my early teens, detailing personal tragedies on Livejournal in my late teens, and announcing my bowel movements on Facebook in my 20s.


I, and many people in my generation and younger, do not value privacy. We willingly sacrifice it, often for popularity on social networks. And now for convenience’s sake within the Internet of Things.

Sorry, George Orwell. I don’t give a fuck.