Dem lawmaker raises concerns over 'eavesdropping' smart speakers

Dem lawmaker raises concerns over 'eavesdropping' smart speakers
© Greg Nash

Rep. Debbie DingellDeborah (Debbie) Ann DingellMichigan Rep. Debbie Dingell easily wins House primary Court orders release of Black Michigan teen who was jailed for missing schoolwork Lobbying world MORE (D-Mich.) in letters to Amazon and Google this week raised concerns that smart speakers are "eavesdropping" on customers without their consent.

In a pair of letters on Thursday, Dingell pressed Amazon executive Jeff BezosJeffrey (Jeff) Preston BezosHillicon Valley: GOP lawmaker says 'no place in Congress' for QAnon after supporter's primary win | Uber CEO says app could temporarily shutdown in California if ruling upheld | Federal agency warns hackers targeting small business loan program Top Republican criticizes Twitter's briefing on massive hack To save the Postal Service, bring it online MORE and Google CEO Sundar Pichai over how they vet applications running on Amazon's Alexa and Google Assistant.

ADVERTISEMENT

"These smart speakers and the advancement of speech recognition technology represent an incredible convenience for consumers, allowing them to bypass screens and for those with physical disabilities to access the internet like everyone else," Dingell wrote in the letters.

"But the same feature that contributes to that [convenience], not having a screen, also eliminates an important feedback loop for consumers to understand how these applications are performing and puts your company in an even greater position to look after consumers well-being," she wrote.

Her letter comes in response to research from SRLabs that found hackers could take advantage of Google and Amazon smart speakers to eavesdrop or steal passwords from users. The researchers uploaded malicious software to the smart speakers, successfully getting them to obtain recordings.

There is no evidence that the vulnerability has been exploited by real-world hackers.

"Recently a number of articles were published regarding research done by a German cybersecurity company SRLabs in which researchers created apps that passed both Google and Amazon security-vetting processes and allowed the app to eavesdrop on users as well as phish for their passwords," Dingell wrote.

"While these apps were created and used only for research purposes, there is potential for either copycat apps or that malicious actors have already used these techniques to target consumers and their personal information," she added.

She is asking a series of questions, including how Amazon and Google are "addressing apps like this from being able to obtain" information moving forward, and how they are getting ahead of hacking attempts.

Amazon and Google did not immediately respond to The Hill's request for comment. 

Lawmakers are becoming more invested in cybersecurity and privacy concerns around artificial intelligence technologies like those used within smart speakers. Last month, Republicans Sens. Marco RubioMarco Antonio RubioThe Memo: Trump attacks on Harris risk backfiring Pentagon forming task force to investigate military UFO sightings How Congress could diminish the risks with Electoral College count MORE (Fla.), Tom CottonTom Bryant CottonRussian news agency pushed video of Portland protestors burning a Bible: report Davis: The Hall of Shame for GOP senators who remain silent on Donald Trump China sanctioning Rubio, Cruz in retaliatory move over Hong Kong MORE (Ark.) and Josh HawleyJoshua (Josh) David HawleyDavis: The Hall of Shame for GOP senators who remain silent on Donald Trump China sanctioning Rubio, Cruz in retaliatory move over Hong Kong The Hill's Morning Report - Presented by Facebook - Negotiators signal relief bill stuck, not dead MORE (Mo.) demanded answers from Google about its work to develop a smart speaker with Chinese telecommunications group Huawei.

Dingell is a member of the House Energy and Commerce Committee, which is engaged in efforts to draw up the country's first comprehensive federal privacy law.