Dem lawmaker raises concerns over 'eavesdropping' smart speakers

Dem lawmaker raises concerns over 'eavesdropping' smart speakers
© Greg Nash

Rep. Debbie DingellDeborah (Debbie) Ann DingellMaking waves to protect America's waters Trump suggests LBJ is in hell: 'He's probably looking down — or looking up' 10 controversies that rocked the Trump White House in 2019 MORE (D-Mich.) in letters to Amazon and Google this week raised concerns that smart speakers are "eavesdropping" on customers without their consent.

In a pair of letters on Thursday, Dingell pressed Amazon executive Jeff BezosJeffrey (Jeff) Preston BezosAmazon's 0K donation to Australian fire relief draws criticism World's richest 500 people saw their wealth jump 25 percent in 2019 Top 2020 Democrats target Amazon while spending big money on it: report MORE and Google CEO Sundar Pichai over how they vet applications running on Amazon's Alexa and Google Assistant.

ADVERTISEMENT

"These smart speakers and the advancement of speech recognition technology represent an incredible convenience for consumers, allowing them to bypass screens and for those with physical disabilities to access the internet like everyone else," Dingell wrote in the letters.

"But the same feature that contributes to that [convenience], not having a screen, also eliminates an important feedback loop for consumers to understand how these applications are performing and puts your company in an even greater position to look after consumers well-being," she wrote.

Her letter comes in response to research from SRLabs that found hackers could take advantage of Google and Amazon smart speakers to eavesdrop or steal passwords from users. The researchers uploaded malicious software to the smart speakers, successfully getting them to obtain recordings.

There is no evidence that the vulnerability has been exploited by real-world hackers.

"Recently a number of articles were published regarding research done by a German cybersecurity company SRLabs in which researchers created apps that passed both Google and Amazon security-vetting processes and allowed the app to eavesdrop on users as well as phish for their passwords," Dingell wrote.

"While these apps were created and used only for research purposes, there is potential for either copycat apps or that malicious actors have already used these techniques to target consumers and their personal information," she added.

She is asking a series of questions, including how Amazon and Google are "addressing apps like this from being able to obtain" information moving forward, and how they are getting ahead of hacking attempts.

Amazon and Google did not immediately respond to The Hill's request for comment. 

Lawmakers are becoming more invested in cybersecurity and privacy concerns around artificial intelligence technologies like those used within smart speakers. Last month, Republicans Sens. Marco RubioMarco Antonio RubioApple under pressure to unlock Pensacola shooter's phones Senators offer bill to create alternatives to Huawei in 5G tech Surging Sanders draws fresh scrutiny ahead of debate MORE (Fla.), Tom CottonThomas (Tom) Bryant CottonHillicon Valley: Lawmakers say Facebook deepfake ban falls short | House passes bills to win 5G race | Feds sound alarm on cyberthreat from Iran | Ivanka Trump appearance at tech show sparks backlash Cotton introduces bill blocking intel sharing with countries relying on Huawei for 5G GOP senators introduce resolution to change rules, dismiss impeachment without articles MORE (Ark.) and Josh HawleyJoshua (Josh) David HawleyHawley expects McConnell's final impeachment resolution to give White House defense ability to motion to dismiss Biden calls for revoking key online legal protection House poised to hand impeachment articles to Senate MORE (Mo.) demanded answers from Google about its work to develop a smart speaker with Chinese telecommunications group Huawei.

Dingell is a member of the House Energy and Commerce Committee, which is engaged in efforts to draw up the country's first comprehensive federal privacy law.