Securing Amazon Echo


(Wayne) #1

I’m eagerly awaiting delivery of my Amazon echo’s and dot next week. In the meantime I came across this:
http://www.forbes.com/sites/aarontilley/2016/09/17/neighbor-unlocks-front-door-without-permission-with-the-help-of-apples-siri/#415971565b99

Could I ask how people using it secure their echo’s from doing the same with smartthings? Is there a way of disabling the echo’s integration when the SHM is armed? Could I for instance disable all my echo’s when I go to sleep at night and only leave my bedroom one active for arming/disarming SHM?

Wondering what others have done to prevent it being used to bypass security.


Door locks that work with st and echo
Major Changes to Alexa Skill
#2

This is going to be true of any voice operated system which is always listening.

About the only thing you can do is plug it into a networked pocket socket and have the pocket socket turn off when you don’t want it active.

There’s a microphone button on top of the echo, but you would have to physically press it each time you go out.

Amazon basically just says be aware that this can happen:

Take steps to ensure the security of your Alexa supported device and safe operation of your connected products. For example, if you do not want Alexa to respond to voice commands (like when you are away from home), turn off microphones on your Alexa supported device.


#3

I like the idea of having Alexa off. How about having it plugged into a smart outlet and have the routine turn that outlet on and off with Away/Home?


(Wayne) #4

I was hoping people would have implemented something a little more elegant. Similar to apps restricted to running in certain modes only. I obviously don’t have an echo yet so have no idea.


(Marc) #5

This is a good idea except it can be costly. I have 3 and soon to be 4 Echo’s and now I would have to spend close to $200 on separate switches to control them.


#6

http://www.ebay.com/itm/Refurbished-Z-Wave-Plug-in-Smart-Meter-Wireless-Switch-Module-Outlet-/252419543547?hash=item3ac56091fb:g:alMAAOSwv-NWaK-k

http://www.ebay.com/itm/Z-Wave-2-Outlet-AC-Power-On-Off-Switch-With-Surge-Protection-Max-1440W-/191804018886?hash=item2ca86910c6:g:kc8AAOSwQYZWvDfl


(Wayne) #7

The bigger question is: Is everyone with an Echo right now with smartthings integration vulnerable?!
If so then I think it needs some attention especially those who rely on SHM and door lock control.


(Marc) #8

I think the real answer is anything that can put your house at risk such as garage doors and locks should be left off Alexa unless your willing to take the chance. It’s Risk vs Reward and there is always a trade off no matter which solution you go with.


#9

Correct. Just as a surgeon. Check twice and cut only once. I added a smart outlet in-line with garagedoor and it is off when I am away from home or in night mode.


#10

It has nothing to do with SmartThings, it’s a feature that echo has not provided. If you use echo to control garage doors or door locks, you are vulnerable to this.

At our house, we’ve tested, and the echo cannot hear instructions shouted from the front yard so we’re fine with it. But everybody has to make their own decisions in this regard. Physically hit the microphone button or put it on a smart outlet.


#11

If you’re in the US, zwaveproducts often has refurbished pocket sockets for about $20.

If you’re in the UK, I would probably look for WeMo or another inexpensive Wi-Fi pocket socket.


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #12

Ummm… Doh!!!

“Restricting Apps to Certain Modes” is exactly the way this could / should be implemented. The Amazon Alexa / Echo connector to SmartThings is just a SmartApp; that means it should have included the default option of “Set for specific mode(s)”; but, alas, unfortunately, it does not.

SmartThings could pretty easily add this as a Feature; the code isn’t public, so can’t just offer a Pull Request.


#13

Since you don’t have your echo yet, I’ll just clarify hear that what @tgauchat is suggesting is that the echo would still hear and process the unlock request, but all that its processing does is send the request over to SmartThings. Then it could be caught on the SmartThings side and ignored in specific modes.

My concern with this approach (assuming it could be implemented) is that at this time SmartThings does not distinguish one echo from another. So there wouldn’t be any way to have it accept commands from the echo in the bedroom while ignoring the commands from the echo in the downstairs living room. The integration is cloud to cloud and it’s just echo to SmartThings. Not living room echo to SmartThings versus bedroom echo to SmartThings. So I think at the present time adding a mode restriction would reject all echo commands during that mode, not just ones sent from a specific device.


(Wayne) #14

I’m not familiar with alexa yet. But don’t you have control of what you allow alexa access to? If so, then can you create new routines just for her that do not run when in away mode for instance?
Otherwise I’ll just need to invest in a bunch of pocket sockets. I assume echo doesn’t mind being switched on /off daily.


(Greg) #15

mode restrictions are in the endpoint example app but I’ve found that the restrictions aren’t honored.


(Wayne) #16

Thanks for clarifying @JDRoberts . Got your reply whilst I was typing.


#17

You authorize individual devices for echo to be able to request on/off for. That’s pretty much it. But there’s no mode or other restriction on it right now. You would handle having echo change modes or SHM status by having echo turn on a virtual switch and having the virtual switch be associated with changing the mode


(Realy Living Dream) #18

1 Never have doors automatically unlock as part of any routine. Well not until they come up with reliable biometric identification so there is 99.99% surety that it is in fact me walking up to my house. We all have our RFID chips implanted.

2 Don’t call your lock something obvious like " front door"

3 Unless it has changed you can NOT add a lock device to Alexa natively. I remember this discussion at length last year when Alexa/ST was first released. You had to use a virtual switch or IFTT to get around it. Open or Unlock are (were ) not recognized Alexa commands.

4 As @JDRoberts stated, Don’t put an Alexa device by the door or a window where it can hear commands from outside. I learned the Echo in the dining room can in fact hear me from the roof if the window is open.


(Greg) #19

I do this daily - I had one issue where the power cord fried. But Amazon said it was a known issue, overnighted me a different style replacement and I haven’t had the issue again


#20

@rldreams makes a very good point that the news story was about Siri and Siri does know “unlock all the doors.” :dizzy_face:

Echo just knows on/off for a switch or a group of switches and then it’s up to you to set up SmartThings so it knows with that switch coming on means. It’s a lot easier with echo to come up with a phrase that people wouldn’t be likely to guess.