Dem lawmaker raises concerns over 'eavesdropping' smart speakers

Dem lawmaker raises concerns over 'eavesdropping' smart speakers
© Greg Nash

Rep. Debbie DingellDeborah (Debbie) Ann DingellDemocrats demand FCC act over leak of phone location data Democratic lawmakers, 2020 candidates pay tribute to Conyers Hillicon Valley: Facebook launches 'News Tab' | Senate passes bill to take on 'deepfakes' | Schumer outlines vision for electric cars MORE (D-Mich.) in letters to Amazon and Google this week raised concerns that smart speakers are "eavesdropping" on customers without their consent.

In a pair of letters on Thursday, Dingell pressed Amazon executive Jeff BezosJeffrey (Jeff) Preston BezosOvernight Defense: Erdoğan gets earful from GOP senators | Amazon to challenge Pentagon cloud contract decision in court | Lawmakers under pressure to pass benefits fix for military families Amazon to challenge Pentagon's 'war cloud' decision in federal court Bloomberg's path to the convention — and beyond MORE and Google CEO Sundar Pichai over how they vet applications running on Amazon's Alexa and Google Assistant.

ADVERTISEMENT

"These smart speakers and the advancement of speech recognition technology represent an incredible convenience for consumers, allowing them to bypass screens and for those with physical disabilities to access the internet like everyone else," Dingell wrote in the letters.

"But the same feature that contributes to that [convenience], not having a screen, also eliminates an important feedback loop for consumers to understand how these applications are performing and puts your company in an even greater position to look after consumers well-being," she wrote.

Her letter comes in response to research from SRLabs that found hackers could take advantage of Google and Amazon smart speakers to eavesdrop or steal passwords from users. The researchers uploaded malicious software to the smart speakers, successfully getting them to obtain recordings.

There is no evidence that the vulnerability has been exploited by real-world hackers.

"Recently a number of articles were published regarding research done by a German cybersecurity company SRLabs in which researchers created apps that passed both Google and Amazon security-vetting processes and allowed the app to eavesdrop on users as well as phish for their passwords," Dingell wrote.

"While these apps were created and used only for research purposes, there is potential for either copycat apps or that malicious actors have already used these techniques to target consumers and their personal information," she added.

She is asking a series of questions, including how Amazon and Google are "addressing apps like this from being able to obtain" information moving forward, and how they are getting ahead of hacking attempts.

Amazon and Google did not immediately respond to The Hill's request for comment. 

Lawmakers are becoming more invested in cybersecurity and privacy concerns around artificial intelligence technologies like those used within smart speakers. Last month, Republicans Sens. Marco RubioMarco Antonio RubioGOP senators plan to tune out impeachment week Republicans warn election results are 'wake-up call' for Trump Paul's demand to out whistleblower rankles GOP colleagues MORE (Fla.), Tom CottonThomas (Tom) Bryant CottonTom Cotton's only Democratic rival quits race in Arkansas Schumer concerned by Army's use of TikTok, other Chinese social media platforms Progressive freshmen jump into leadership PAC fundraising MORE (Ark.) and Josh HawleyJoshua (Josh) David HawleyTrump circuit court nominee in jeopardy amid GOP opposition GOP senator wants to know whistleblower identity if there's an impeachment trial Hillicon Valley: California AG reveals Facebook investigation | McConnell criticizes Twitter's political ad ban | Lawmakers raise concerns over Google takeover of Fitbit | Dem pushes FCC to secure 5G networks MORE (Mo.) demanded answers from Google about its work to develop a smart speaker with Chinese telecommunications group Huawei.

Dingell is a member of the House Energy and Commerce Committee, which is engaged in efforts to draw up the country's first comprehensive federal privacy law.