Amazon Echo 'Drop In' Feature Prompts Fears Of Easy Eavesdropping
SAN FRANCISCO (CBS SF) -- As voice-based "personal assistants" are becoming ubiquitous in modern, connected American homes, so is the feeling they might be listening in on people when they least expect it or want it.
Amazon Echo, Dot and Show users know that Alexa is always listening. With a simple command she can turn on your lights, play music and even order pizza.
But do you know who else might be listening in to everything going on in your home?
Like many, Ashley Blackwell-Guerra loves her Amazon Echo. It offers countless cool voice activated features when paired with the Alexa app.
The optional Drop In feature for the Echo allows instant communication between the devices by simply saying the phrase, "drop in" and the device's name.
"I can see myself enabling this and totally forgetting about it," said Blackwell-Guerra.
She agreed to test it out with KPIX 5 consumer reporter Julie Watts. We simply sent her a request through our Alexa app and she accepted. Then we muted our Amazon Echo and gave the command: "Alexa, drop in on Ashley Blackwell-Guerra."
Unbeknownst to Blackwell-Guerra, that allowed Watts to listen in on everything she was saying in her bedroom.
While Drop In may be intended for a two-way conversation, it can also turn your echo into an eavesdropping device.
The only thing that alerted Blackwell-Guerra's Echo device to the Drop In feature was a little beep and a green-lighted rim around the top of the device.
Tech security expert Hemu Nigam says users won't always notice when the feature is activated.
"You could be sitting and reading a newspaper or looking the other way, and you might not notice or hear," he said. "I can literally press a button and be inside your home and listen to what's going on in that moment of time."
The good news, he says, is that the device's owner must approve a request to activate the Drop In feature.
But according to Nigam, the Echo — like all internet devices — is susceptible to hackers.
"If a hacker takes control of your device, they can in essence do anything you can do," said Nigam.
That includes dropping in on your family and friends: when you log into your Alexa app, anyone in your phone's contact list will show up if they have an Echo.
Blackwell-Guerra was shocked when we dropped in again and revealed the only notification that we were listening in.
"It's definitely unnerving to know that anybody could drop in on me at any time," said Blackwell-Guerra.
While users do get a prompt the first time they enable drop in, Blackwell-Guerra noted it doesn't explain that the person may drop in at any time in the future without your explicit consent, along with any member of their household with access to their Amazon device.
It's a prospect that could be potentially dangerous after a relationship has ended or in cases of domestic abuse.
"If you're not right next to the hub and you don't hear the audio prompt, I could be walking around and this could happen and I have no idea" said Blackwell-Guerra.
The test also determined that the user that initiated the Drop In was the person allowed to end the session. On one call initiated by Julie Watts, Blackwell-Guerra couldn't command it to end.
"So it ends it on her end. I have no control. That is not OK! Oh that's not OK," said Blackwell-Guerra with a sigh.
Amazon defended the Drop In feature, noting it is automatically disabled on Echo devices until a user turns the feature on.
As for potential hackers, Amazon told KPIX 5: "We limit the information we disclose about specific security measures we take."
"We have taken measures to make Echo secure," added the statement.
At any given time, users can also mute Drop In by asking Alexa to turn on the "Do Not Disturb" function and that both parties must consent to using Drop In.
As for the risk of having your Echo device hacked, Nigam said despite any safeguards put in place by Amazon, users need to be aware of what they're getting into when they allow family and friends to use Drop In.
Users should always be conscious that they are living in a connected house after getting one of these devices.
It is also worth noting that if you enable dropping for an Amazon Show, contacts can both see and hear users. And keep in mind, anyone in a household can activate Drop In on an Echo and drop in at any time.
