Secure Use Tips for Intelligent Personal Assistants (IPAs)

August 29, 2017 by Infosec

Intelligent personal assistants (IPAs) are gaining substantial traction among the giants of the tech world. And for good reason: The technology has garnered a reputation for being the poster child for artificial intelligence (AI). If we acknowledge the hardly disputable fact that machine intelligence has an upward trajectory in terms of widespread usage and adoption, we have to admit the same about IPAs.

Today’s major IPAs are predominantly used to relieve the burden of inconvenience. Don’t have the time to write a text to your friend? Ask Siri to do it (just remember to be nice to her). Want to switch on the lights without getting off the couch? Alexa might be able to help you with that. Microsoft’s Cortana goes even further by managing your work files on your PC to relieve you of some of your woes at the workplace.

But, as Grand View Research points out, we are only scratching the surface with IPAs. It won’t be too long before businesses begin to outsource their marketing functions like social media promotion to IPAs instead of low-cost labor, because low-cost isn’t free. This would enable them to get rid of overhead and focus more closely on improving the actual product/service. Even critical industries like healthcare are set to receive benefits from IPAs, which means we should take their security more seriously than ever.

In this piece, we will outline some useful tips and tricks that could be used to make your IPAs more secure. Specific security precautions are included for the most popular IPAs, in addition to some general advice so that you can enjoy the best of AI, without exposing your private data to any digital highway robberies.

Apple’s Siri

Siri was the original force behind popularizing IPAs. It is a testament to Apple’s influence over the adoption of new technologies that, soon after Siri was launched, serious work began on the development of its major competitors. And, while some of those competitors might actually be more useful today, at least in some specific instances, Siri is still going strong.

By allowing Siri to interact with third-party applications, Apple gave a green light to developers to play with the technology in ways it could never achieve on its own. Now, you can use Siri to book Lyft rides, send WhatsApp messages, and post reviews on Yelp, among other things.

As one’s interaction with Siri increases, more of their sensitive information is vulnerable to hackers targeting the IPA. You can make your experience more secure in the following ways:

  • By default, Apple has Siri enabled on the iPhone’s lock screen. This is great for saving tiny pockets of time now and again, but it is not the most secure configuration if you value your data. Apple does have some measure of security, as in the case of HomeKit door locks, after a public embarrassment forced its hand. But, generally speaking, intruders can make Siri give up contact details, social media information, and your own phone number by exploiting this loophole. To close off this route to hackers, go to “Settings” and choose “Touch ID and Passcode.” In the “Allow Access When Locked” sub-menu, toggle OFF Siri, which should be set to ON by default. Also ensure that the “Require Passcode” option is set to “” Now Siri can be accessed only after the user has entered the correct passcode for the phone.
  • Another useful tip is to let Siri recognize your own voice, instead of communicating with anyone asking her questions on your phone. This adds an additional layer of security to your interactions, although a thin one, given the nascent state of voice recognition. Still, better safe than sorry. To do this, go to “Settings,” and select “” Choose “Siri,” where you will find “Hey Siri.” Toggle this option, and you will be asked to repeat “Hey Siri” exactly three times to your phone. Now Siri will respond only to your voice.
  • Finally, just make sure to follow these tips on all of your Apple devices. Remember, Siri not only works with the iPhone, but also the iPad and MacBook. If you have any of these devices, follow the same precautions, as the connectivity of Apple’s ecosystem can allow for a breach in your phone, even via your iPad.

Amazon Alexa

Amazon’s Echo smart speaker is, by far, the most popular smart home hub, thanks in large part to Alexa. The AI assistant does everything you want it to do: control lighting, air conditioning, appliances, door locks and entertainment devices. It is also the primary culprit for making IoT (Internet of Things) devices go mainstream.

This level of access, while wonderful in your own hands, can be exactly the opposite in the event of a hack. Imagine your door locks not being in your own control, even for a moment. And now extend that terrifying feeling to every other automated function controlled by Alexa in your house.

So, to keep your sanity in check, follow these tips:

  • Alexa is known for her sharp ears. But she doesn’t need to listen to everything all the time. In fact, according to security experts like Cris Thomas of Tenable Network Security, IoT devices are insecure precisely because they are always listening. So, you should always turn the Echo microphone (located at the top of the speaker) off when not using Alexa. This tip alone should make your life much easier and less complicated.
  • Maintain your Amazon search history regularly. This can be achieved easily enough by hopping on over to Amazon’s site, and selecting “Manage my device.” A little housekeeping can go a long way in preventing future despair.
  • Another trivial, yet useful, thing to do is to change the wake word on your Echo to something other than the default “” Your only other options are “Amazon” and “Echo,” which is a shame, and we hope Amazon has something in the works to add more personalized wake words to make Alexa even more secure.
  • As the brainchild of the world’s largest online retailer, Alexa counts online shopping among its major strengths. This feature, known as “voice purchasing,” lets users shop through voice commands. To make your shopping spree safer, set up a voice purchasing PIN on your Echo. You can do this by going into the Alexa app’s “Settings” tab, and choosing “Voice Purchasing.” Set up a four-digit PIN under “Require confirmation code”; you will be required to speak this PIN aloud before every purchase using Alexa.

Google Assistant

The crown jewel of Google’s home automation system is Google Assistant. Housed inside Google Home, the AI is powered by the expertise behind the world’s largest search engine. Though not as popular as Alexa, Google Assistant is still used by many, who should make the IPA air-tight by doing the following:

  • Just like the Echo, Google Home has an ever-listening ear. So, when not using the device, turn the microphone off.
  • There’s a good chance that, if you have Google Assistant, your search engine of choice is Google. So, it’s always better to check your history, and delete whatever you deem could be dangerous if it gets in the wrong hands.
  • Google Home has LED lights that shift color when listening in on you. Be wary of the chromatic changes on the device, as they might be your cue that the device is listening to something you don’t want it to.
  • You are also advised to check out and refine the security settings in your Google account. Google lets users fine-tune permissions and access, which could be very useful in repelling attacks. This is also useful for wiping out old commands. All settings can be fiddled with in the “My Activity” section of your Google account.

General Tips

  1. For starters, do not let strangers handle your smart devices. This is a more general precaution, and applies to anything from your phone and smart speaker to your laptop. There is a good reason why social engineering is the most popular method of hacking – because it’s so easy.
  2. Use only trusted third-party applications. You should steer clear of even remotely suspicious applications promising to make your life better if you give them access to your IPA. The risks are astronomical for anyone who values their privacy.
  3. Make sure to place your smart home hubs away from windows. As much as you might want to, if only for the purpose of looking cool, don’t let any outsiders know you are rocking a home automation system.
  4. Do not link any sensitive accounts to your IPA, particularly accounts related to money and finances. On some devices, like Google Home, this could prove to be highly relevant, as the device simply has no way of recognizing individual voices, and will spill out bank details if it has access to them.


It is all too understandable to fall for the seduction of IPAs; after all, they are programmed to achieve that. But you should also be aware of the ways in which their use can lead to unintended consequences. Some IPAs, like Siri and Google Now, have a plethora of your personal information, which can easily slip out if you’re not careful. Others, like Alexa, have their utility in smart homes and IoT devices. These devices have been used in the past to launch serious attacks, like the one on DNS provider Dyn. This means that, even though Amazon reassures users of Alexa’s robust security, it is still susceptible to a breach if the hackers have enough motivation and resources. Given these facts, it is imperative to follow safety precautions, as simple and trivial as they might seem, so that you don’t have to pay non-trivial costs.
