Skip to main content

'Alexa, Open That Door!' What If Voice Assistants Get Hacked?

Your smart home could be a target for sophisticated malware in 2019, according to predictions from antivirus maker McAfee.

The Alexa-controlled Netgear Orbi Voice wireless router. Credit: Netgear

(Image credit: The Alexa-controlled Netgear Orbi Voice wireless router. Credit: Netgear)

As part of its 2019 threat predictions, McAfee believes that next year's attacks will target connected-home and Internet of Things gadgets. Smartphones, tablets and routers may continue to be entry point, but the biggest threat may come from voice assistant devices such as Amazon Echo or Google Home.

"Smartphones have already served as the door to a threat," the report notes. "In 2019, they may well become the picklock that opens a much larger door.

"Malware authors will take advantage of phones and tablets, those already trusted controllers, to try to take over IoT devices by password cracking and exploiting vulnerabilities," the report adds. "These attacks will not appear suspicious because the network traffic comes from a trusted device."

MORE: Best Antivirus Software and Apps

Home wireless routers, millions of which go unpatched for security flaws, will continue to be an entry point for attackers, as we have already seen with the Mirai botnet and other widespread router attacks.

"But the real key to the network door next year will be the voice-controlled digital assistant,"the McAfee report predicts. "The attraction for cybercriminals to use assistants to jump to the really interesting devices on a network will only continue to grow."

McAfee predicts that a cybercriminal could compel one voice-enabled device to order another to open your locks and windows, perhaps with the command "Assistant! Open the back door!"

In truth, this sounds a bit impractical, since few homes have more than one voice-assistant device. It seems more likely that crooks might break into your Alexa or Google Home account to control these devices remotely.

So is it time to throw out your smart tech? Not quite yet. The company says you can mitigate this risk by installing security software on your phone, and making sure you've changed the usernames and passwords on your routers and smart gadgets to something other than the factory-default credentials.