You Probably Told Alexa Where You Live
Yes, Alexa knows where you live – because you told it.
Bloomberg news recently posted a headline for a story they’re working on about how Alexa – according to folks in the know at Amazon – can tell where you’re physically located when you use the device. This is actually true, but not because the device is spying on you; rather because you told the device where it is located on several occasions and it has remembered.
While there are a lot of reasons to be concerned with the amount of information smart devices like Google Home and Alexa can collect about us – and more importantly how the companies that manage these devices will use that data – it’s vitally important not to over-inflate specific concerns like this headline does. Focusing on concerns such as location information when Amazon is quite clear about knowing that information takes focus away from much more pressing concerns about how data that’s collected all the time (since the devices are always listening) can be used or mis-used.
To clarify this particular concern, let’s look at the four ways Alexa can figure out where you physically are, and how Amazon isn’t breaking either laws (in the USA) or confidences in collecting that information:
1 – Alexa is tied to your Amazon account. Since you would have given at least a primary mailing address to Amazon when you signed up, Alexa has a fairly good idea where the device in question is going to be used. Sure, you may have moved or given a work address instead of a home address, but the odds are on their side. This is especially true if you use Amazon for other purchases and have things delivered.
2 – The Alexa App. When you use the Alexa App on your smartphone, you are asked to allow location tracking for weather and other location-specific updates. If you said Yes to that request, then the Alexa device also has access to that information (the app shares information with the device itself).
3 – Alexa is connected to the Internet. Even without accurate GPS access on your smartphone, any device connected to the Internet has an Internet Protocol (IP) address assigned to it. This allows it to communicate with other devices in other parts of the Internet and is the basis for online networking. IP addresses cannot generally give very specific physical location information, but they can get pretty close. Google “what’s my location” and Google maps will show where you are based on the IP address assigned to your current physical building (home, office, etc.).
4 – You told Alexa yourself. Many of Alexa’s services are tied to general physical locations. When you set up the device or made changes to the settings, you told the system where you are for weather reports and local news – as just two examples. Knowing what ZIP or Postal Code you’re in can go a long way toward figuring out your location. Emergency dialing, Voice Calling and Messaging, and Alexa’s “Drop-In” services all require you to give a physical address. Again, you can give a different address than where you really are, but most of us gave the address where the device itself is located.
In the end, smart devices do indeed pose security challenges. These get compounded if those devices also control things like your locks or car ignition. There are also some real questions about how this information is utilized. Is Amazon identifying your location for services that are supposed to be anonymous, for example? Overall though, it’s important to not over-inflate specific issues that are voluntary and/or necessary for the device to work with security issues that shouldn’t exist in the first place. Remember that smart devices are online, meaning they can communicate with anything they want and/or that you tell them you want to communicate with. Be wary of requests for permissions, turn off features and services you don’t use or don’t want to use, and become knowledgeable on the basics of how these devices operate and what that means they can do. Armed with that information, you can make valid and real decisions on if you want them in your home or office; and if you are OK with what they can see and hear while they’re there.
Written by Mike Talon
Mike Talon is a Cybersecurity Architect and journalist in New York City. His experience has allowed him to help companies from mom and pop shops to Fortune 500 organizations. Currently, he’s working for SkOUT Secure Intelligence assisting customers of all sizes find the right Cybersecurity protocols and tools to keep them safe.