Amazon Echo is a smart home device that lets you use simple voice commands to play favorite songs, get news and weather updates, make purchases, even complete household tasks and much more. Its voice assistant, Alexa, has become synonymous with “saves time and energy.” But, is the Echo’s all-knowing utility a double-edged sword for your privacy and online safety?

Protect yourself from unauthorized use, privacy breaches and stay out of reach for would-be internet criminals using these Amazon Echo safety precautions.

How to prevent unauthorized use and protect your privacy

Your Amazon Echo knows a lot about you and has the ability to do a lot of things on your behalf, everything from making a purchase and unlocking your doors to reading your emails and accessing your videos and images.

Though Amazon is developing improved voice recognition controls for the Echo, you’re still not 100 percent protected from unauthorized purchases made by your kids or other household members. Even a TV commercial could cause your Echo make an unauthorized purchase.

The solution? Lock your Echo down. It’s simple; just follow these six tips.

1. Turn off voice input. Use Alexa voice remote instead.

amazon-echo-mute-buttonThe Echo has a mute button on its top; use that to turn off voice input. You should also keep voice input off when you’re away from home.

You can still use your Echo device on mute, using your Alexa Voice Remote. The Alexa Voice Remote doesn’t require the wake word, just press and hold the talk button, wait for a sound and then give your command.

2. Change your Echo’s wake word.

This solution is limited. You only have four wake words to choose from: Alexa, Amazon, Echo or Computer.

To change the wake word, open your Alexa app, go to ‘Settings’, then your ‘Device’, and then choose ‘Wake Word’.

3. Use PIN protection or disable voice purchases.

To prevent your kids, the TV or anyone else from using your Echo device for unauthorized purchases, set up a PIN to control voice purchases. Change your PIN from time to time or only make purchases when you’re sure no one is listening.

To set up your voice PIN, open your Alexa app, head to ‘Settings’, and then to ‘Voice Purchasing’. Alternatively, you may disable voice purchasing altogether.

4. Turn on your device’s sound notification.

Your Echo’s default setting has sound notifications turned Off. Switch the Echo’s sound notification On to help alert you if your device is accidentally triggered. Here’s how to do it:

  • Select ‘Settings’ in the main menu of the Alexa app
  • Next, select your Echo by name in ‘Alexa Devices.’ You can configure multiple Echos differently if you have more than one device.
  • Then, adjust the toggle switches when you choose ‘Sounds & Notifications.’ You may choose to play sounds at the start and/or end of requests.

5. Place your Echo away from windows and doors.

Keep your Echo away from windows and doors; this way it’s not accidentally triggered by passers-by. It’s also polite to be sure to use your Echo where it’s not a nuisance to your neighbors.

6. Review and delete your interactions with Alexa.

Amazon stores your interactions with the Echo in order to improve the device’s performance and Alexa’s accuracy at interpreting user commands. For extra privacy, you can review and delete your communication with Alexa — yes, Amazon lets you do it.

Here’s how to delete your communication with Alexa:

  • Delete specific voice recordings. Go to your ‘Settings’, then to’History’ in the Alexa App. Drill down for a specific entry, then tap the delete button.
  • Delete all of your voice recordings. Go to Manage Your Content and Devices page at www.amazon.com/mycd, then click on the ‘Your Devices’ tab and select the corresponding button under Actions for your Echo or other Alexa-enabled devices. Next, select ‘Manage voice recordings’ and click ‘Delete’. You may also contact Amazon’s customer service to and request to delete all voice recordings, explains Amazon.

The six privacy tips above (and some common sense) should help you avoid a local privacy breach at home and prevent unauthorized use within your four walls. But that’s not the end. Your device could still be vulnerable to a well-engineered cyber attack. What’s next is how to keep your Amazon Echo safe from cyber threats. Read on.

Amazon Echo and cybersecurity

There’s an alarming need for privacy and safety when using internet connected devices like Amazon Echo. Data breaches across the globe will cost $2.1 trillion in 2019. Do you remember the distributed denial of service (DDoS) attack of 2016? Hackers interrupted the internet for a day using a malware called Mirai. The Mirai attackers hacked and used internet connected devices (referred to as IoT devices), including routers and DVRs, for their onslaught. Hint: your Amazon Echo is an internet connected device, too.

Security expert, Cris Thomas of Tenable Network Security says, “Privacy and security of IoT is big right now following recent attacks like the Mirai botnet and malware targeting specific brands of smart TVs. While I can’t speak with authority on Alexa specifically, one of the privacy risks of IoT devices is that they are always listening.”

Although cyber attacks like these haven’t succeeded to date in targeting the Amazon Echo, strains of malware are advancing and might eventually catch up with the device. Elaborate cyber attacks like Mirai aren’t the only security concern out there, either.

Certain search engines (like Shodan) scan public networks for unprotected devices (i.e. internet connected devices that use default usernames and passwords), then they feed these devices to the public so that anyone, anywhere can access those devices remotely. Using default usernames and passwords is like leaving your car unlocked in a dangerous neighborhood and announcing it openly to thieves.

How to protect your Amazon Echo from cyber threats

Fortunately, there are some really simple steps you can take to protect your Amazon Echo from cyber criminals. Use these security tips to keep your Echo and other internet-connected devices safe.

Change your default Wi-Fi password.

Though your Echo doesn’t need a login password, the WiFi it operates on does. Be sure change your WiFi password, and make it something difficult to guess or decrypt. Privacy and information security experts at the University of Illinois recommend the following:

  • Make your passwords eight characters long or more — preferably more.
  • Avoid using single dictionary words (a mix of six or more words is good).
  • Blend in upper and lower case letters into your password.
  • Use numbers and symbols (like !, #, %, ^, $, +, etc)

Always use a secure internet connection.

Connect your Echo to a secure internet connection that is password protected. Using a public or shared WIFI networks with your device is not recommended and could you expose you to security threats.

You may also use a virtual private network (VPN) to encrypt your internet access. Encrypted internet access secures the information exchanged between your device and Amazon’s cloud storage. Most credible VPN services support routers. So whether you connect your Amazon Echo to the internet via mobile WiFi or your home router your internet connection remains secure.

Even with a secure internet connection, you may want to disconnect your Amazon Echo from the internet when it’s not in use, just to be extra safe.

Install updates.

Always keep your Echo updated. Whenever your Echo’s software or Alexa app calls for an update, or a third-party app requires updating, do it. Devices that are not regularly updated are more vulnerable to malware, ransomware, and other security threats.

Review Alexa Skills and keep installs to a minimum.

Cut down on the bells and whistles. Assess every Alexa Skill THOROUGHLY before installing or using it. Third-party software may increase your exposure to attack. If you’ve already packed your device full with Skills, edit your list with no remorses — keep only Skills that multiply your productivity. Then, remember to regularly delete Skills you don’t use on a regular basis.

Wrap Up: Amazon Echo Privacy and Security

Give yourself the privacy and security to enjoy your Amazon Echo. Take these safety precautions when using your device:

  1. Turn off voice input and use Alexa Voice Remote instead
  2. Change the Echo’s wake word
  3. Use PIN protection or disable voice purchases
  4. Review and delete your interactions with Alexa
  5. Turn on your device’s sound notification
  6. Place your Echo away from windows and doors
  7. Take additional steps to keep your Echo safe from cybersecurity threats

Your Amazon Echo helps makes your life easier in many ways, but it still needs a little help from you to ensure you’re safe from security threats. Use the privacy and security tips outlined above to help your hardworking assistant keep your personal information safe.

Feature image//Creative Commons by turoczy, licensed under CC0 1.0//