The specialist listed the main vulnerabilities of smart speakers

Smart speakers are becoming part of the user's digital ecosystem and may be of interest to intruders not only as devices with a microphone. On March 12, the product director of Staffcop, an information security expert at Kontur, told Izvestia about possible risks and protection methods.Aegis" by Daniil Borislavsky.

According to him, the main threat is related not so much to the possibility of domestic surveillance, but rather to access to related services and user data. Through a speaker, a management application, or a cloud account, attackers can collect information about the owner's activity and the services used.

"The risk here is that the speaker is embedded in a broader digital environment and can be used as an entry point to related services and devices. Through a management application, cloud account, or related infrastructure, you can access user services and collect data for further attacks," Borislavsky said.

The expert explained that vulnerabilities can occur at different levels. Among them are errors in the device's firmware, weak authentication, vulnerabilities in the mobile application or cloud API, as well as typical home infrastructure problems. We are talking, for example, about poorly protected Wi-Fi, a compromised router, the use of identical passwords and the lack of two-factor authentication.

Appearance with passwords: every second hacker attack leads to data leakage in companies

What is the reason for the increase in attacks and how businesses can improve security?

You can access the speaker both remotely and through physical contact with the device. However, according to the expert, the remote scenario remains the most likely. It may be related to hacking a user's account or exploiting vulnerabilities in the manufacturer's firmware, application, or cloud service. Physical access is also a threat because it allows you to change settings or reconnect the device, but such cases are less common.

To reduce the risks, the expert recommends treating the smart speaker as a full-fledged network device. In particular, use a unique password for the account, enable two-factor authentication, and regularly update the firmware, mobile application, and router software. You should also monitor the list of linked services and devices and disable unnecessary integrations.

Borislavsky noted that it is not always easy to recognize hacking. Possible signs include spontaneous activation of the speaker, unknown commands in the history, changes in settings without the owner's participation, the appearance of new tethered devices, or strange behavior of smart home scenarios.

"If there is a suspicion of compromise, you need to change the password of the linked account, end active sessions, enable two—factor authentication, check bindings and updates, and, if necessary, reset the device to factory settings," the specialist concluded.

Alexander Vurasko, Director of Development at the Solar AURA External Digital Threat Monitoring Center of the Solar Group of Companies, noted on March 5 that smart devices make life more convenient, but it is important to keep in mind security issues. According to him, many of these gadgets are connected to the Internet and may be vulnerable to hackers, so when choosing a gift, you should pay attention to manufacturers with a good reputation and regular software updates.

All important news is on the Izvestia channel in the MAX messenger.