Voice-Enabled IoT Security Risks

Voice-enabled internet of things (IoT) technology has taken the consumer market by storm, with in-home use of smart speakers jumping 78 percent between 2017 and 2018. Today, 21 percent of the U.S. population uses some kind of voice-enabled IoT device on a regular basis.

At the enterprise level, voice adoption is most prevalent in the industrial sector, but the technology is making its way into more businesses as new options for consumer outreach, workflow automation and collaborative communication become available. This widespread implementation raises significant security concerns, which businesses need to recognize and address if the full benefit of the technology is to be realized. 

The Rise of Voice-Enabled Devices in Enterprise Environments

According to a study by Pindrop, a voice technology security company, 57 percent of managers believe introducing voice-enabled technology would “increase operational efficiencies,” which hints at the potential power of voice in enterprise environments. Gartner predicts voice will comprise 25 percent of employee interactions with business applications by 2023, a very probable scenario in light of the number of new enterprise IoT devices appearing on the market.

Although voice can be used to monitor network health, maximize resource efficiency, track collaborative projects and connect with customers, use cases go far beyond these basic tasks. The introduction of devices like Google Glass Enterprise Edition has changed the way companies approach manufacturing processes by introducing powerful voice-controlled artificial intelligence (AI) and machine learning (ML) tools into industrial environments. Communication devices from Orion Labs are breaking down language barriers to enable more efficient and productive collaboration between in-house and remote team members.

In healthcare, voice has the potential to create personalized programs and protocols for patients without requiring a significant increase in workloads for physicians. Dictation, documentation and electronic records may come together in the near future to allow healthcare providers to make more accurate diagnoses and care decisions. 

Security Risks of IoT in Business and Manufacturing

It’s not hard to see how introducing voice technology into these situations could put sensitive information and processes at risk. Voice-enabled IoT collects massive amounts of data, which is very attractive to hackers and makes enterprises using voice devices prime targets for attacks.

A single compromised device could allow a hacker to infiltrate an entire network and gain access to proprietary information, interfere with critical processes or interrupt manufacturing procedures. In industrial settings, vulnerable IoT could present a threat to workers who rely on devices to provide accurate operational and procedural information. While some hackers may simply decide to cripple a company by slowing or halting production, others may take a more malicious approach with the potential to cause serious harm.

If voice becomes more prominent in healthcare, the danger may be just as significant. IoT devices used to record and recall patient histories, including medication information, could become targets of malicious attacks, leading to disastrous mistakes with care protocols and putting patients’ lives at risk.

Hackers may use a variety of tactics to infiltrate voice-enabled IoT devices, including:

• Sending very high- or low-frequency commands undetectable by the human ear
• Altering audio to include additional commands or cause commands to be understood and executed differently
• Making use of “voice spoofing” for unauthorized activation and access

In addition to threats from the outside, enterprises must also be aware of the potential for a new style of insider attack involving the exploitation of devices already recognizing and responding to trusted voice input.

How Companies Can Protect Voice-enabled IoT

Introducing more voice technology into business environments requires a new approach to access management and data security. As voice commands are integrated into standard processes and workflows, voice biometrics will become part of users’ identities and need to be verified and monitored to ensure authenticity. Voice IoT devices themselves must be protected with the strongest security protocols possible and updated regularly to prevent known vulnerabilities from becoming points of entry for hackers.

Devices come with built-in security features, which much be set up at the time of implementation. Default settings and passwords pose a serious risk and should never be left in place once a device has been connected to an enterprise network. Businesses using multiple IoT devices can benefit from mapping their systems to identify all connected endpoints and the interactions between them and setting up a system to regularly monitor use throughout the network. If both industrial and office IoT are in use, it’s best to keep networks separate to prevent widespread infiltration.

Businesses across sectors can reap substantial benefits using voice to improve operations, collect more detailed information and provide better customer service, but any implementation plan must include a knowledgeable approach to security. Updating standard protective measures can help minimize the risks associated with introducing new voice technologies into enterprise environments by protecting against data compromise, unauthorized network access and identity theft.