Securing Amazon Echo

Alexa does recognize " Open the pod bay doors" though

I use the Ask Alexa integration and simply removed the unlock / disarm commands from operator commands.

Virtual Switches for locks and other sensitive devices… Alexa issues commands to those virtual switches…

Core picks up on those VS changes and if in ‘AWAY’ mode does nothing, but if in home mode or whatever takes actions against locks…

Home grown way to do it… ?

Anyway… wait until the stories of Alexa being leveraged to spy on you and your family. Much the same web cams have been in the news for the same for years… then you’ll worry about more than your locks. It’s easy to put tape on your camera as is common these days, not sure how you can do the same with alexa and retain the value.


An idea. Don’t get an Alexa and never turn it on when you buy one. Sorry. Being ironic. Need more coffee.

1 Like

The easiest thing to do is not connect doors or alarms to anything that can be opened or deactivated via voice command. There, you are now secure. The Forbes article is pretty much a scare article as common sense would tell you that if you can control your ipad or Alexa from outside, then so could anyone else. If someone wants to sit outside my house and yell to my alexa to turn on or off or set colors of my lights, more power to them. Just better hope I’m not home when it happens. Pretty sure the neighbors would call the police based on a crazy man sitting outside talking to his imaginary friend Alexa or Siri.

Once we get to the point of the system recognizing your voice, it’s still only a little more secure as your voice can be recorded and manipulated. Maybe you need an iris scanner at your front door to make things most secure.

Home automation is not a security system. It’s to make people’s lives easier and a play toy. Everything is hackable.

1 Like

PS, maybe don’t name your front door “Front Door” either. Name is something special. “Alexa, unlock The Door To King’s Landing”

1 Like

Surprised this isn’t an option in CoRE. Instead of only run during time frame, it could be during this mode, or only if this switch is set to on, etc

Wait, technically you could set the home mode to include turning on a virtual switch to prevent it from happening, ie don’t do this if this switch is on.

I’d say this ought to be reported to SmartThings as a significant Bug … but:

  1. Probably already has, and we just can’t track it because of no public visibility into open Bugs.
  2. Probably already has, but there’s no ETA.

So; let’s just say that there is evidence “Mode” filter is unreliable, and I withdraw my recommended approach to this problem.

My doors are only allowed via Ask Alexa, not the native alexa app, so they require a verbal password. Am I missing something with this whole convo?

You can restrict what Alexa sees, so this should not be an issue, like ever. I could care less if someone jumps my fence into my backyard and yells through the kitchen window to turn on a light, all my lights are restricted to Home/Evening modes anyway. They won’t know my password unless they hang out under the window sill and I have the window open.


Shouldn’t that be for a window lock?

[quote=“michaelahess, post:29, topic:57971”]
My doors are only allowed via Ask Alexa, not the native alexa app, so they require a verbal password. [/quote]

Same thing with my home.

What about something like the SHM? Could Alexa run routines? If so could the intruder simply say something like “activate I’m Back Routine” to shutdown the alert status of the home? This is one of the reasons I never installed earlier versions of the Smarttiles as I couldn’t figure out how to remove the mode change options from the screen.

I’m just asking these questions, as I’m sure it must have been considered by a lot of people who have had Alexa integrated for some time.

Alexa doesn’t run routines. Alexa requests that smartthings turns on a switch, and you can have SmartThings set up so that when that switch is turned on the specific routine runs. You get the same end result, but there are some important distinctions.

And yes, no question – – Echo is not a secure device. It responds to any verbal command from anyone who is within its hearing range. So you have to take that into account or power it off when you’re not home.

It is possible to write a skill for the Alexa service which has a pin code exchange. That’s what some of the security systems have done. But if you are wealthy enough to be an individual target (or you have a stalker) they could just use a directional mic and listen to you say the pin code and then use it themselves whenever they wanted.

Echo is not a secure device.

Personally, I would never use echo to control SHM status. But that’s just me.

I use it to turn lights on and off. And to play music and set timers and play podcasts and get sports scores.

My own concern is less about bad guys breaking into my house then it is about some random phrase being played on a television show and echo responding to that. (It does happen)

Echo is not a secure device. It’s very helpful and I like it a lot but it is what it is. :sunglasses:


The current official Amazon Echo / Alexa integration (SmartApp) by SmartThings does not support Routines (only Switches and Locks).

There are various Community add-ons and alternative Alexa Skills that come closer to the features you’re discussing.

Being in the process of finalizing many feature inclusion / deferral / exclusion decisions for SmartTiles “V6” right now is making me painfully aware of how hard it is to decide what should or should not be included. As engineers, we lean very much towards maximizing potential, flexibility, and customization; but we also want: 1. Minimize complexity for Customers, and 2. Optimize the Apps performance and maintainability / minimize bug risk.


It is. You can restrict an entire piston, or a specific action to a mode if you so wish.

Again, though, at present you won’t be able to distinguish between a command given to the echo in the upstairs bedroom and a command given to the dot in the downstairs living room. At least you can’t as of now. Maybe in the future given that soon all the devices will all know about the others. :sunglasses:

Pocket sockets it is then!! :sunglasses:
Power off all echos and dots when away.
Leave bedroom dot powered on when night mode.
All on at all other times.

Does add a fair amount to the cost per echo especially if you want to use zigbee as the official outlets (no other zigbee options here) are very expensive in the UK.

1 Like

Alexa can not directly open a lock. While it’s not supposed to officially open doors, it will. I can say "open the garage door"and it will most of the time.
So, you really do not have to worry about that.

Also, there is the option of not buying and installing a smart lock.

Never out an entry point into your home at the mercy of a cloud based automation system. If you do, put in failsafe steps.

Look into askAlexa smartapp. It can practically completely replace the native integration. It also has built in pass codes for doors and locks.

But, if you do use a connected lock you can do this.

Create a virtual switch to integrate with Alexa for your lock. Write a piston to make that virtual switch lock and unlock your door. Then, put in restrictions… Such as you have to be home (presence), or something had to be on… Pick a device that is only on when you are home and always off when you’re gone, or…

… use a motion sensor. That sensor has to be active for the piston to run. That way it can only run from inside of the house.


All good points. I think this next part has been clear and several people have made the point in several different ways, but since I know you don’t have your echo yet I did just want to say specifically that echo will only have access to the devices that you individually grant access for.

You can have a smart lock on your SmartThings account but not authorize it to echo and then echo can turn on your lights but not do anything with your lock.

So you only have to worry about your lock if you intend to use voice control with your lock. If you don’t intend to use echo with your lock, it cannot be accidentally opened by anyone using echo.

This is different from HomeKit. With HomeKit, there are some device class level commands, like unlock all doors, which would always work.

But with echo, you approve each device specifically.

But once you’ve decided that you want to be able to unlock your smart lock using echo, then all of the other security issues we’ve been discussing come into play.

1 Like

Oddly enough, as security conscious as I am, I do this, but I do have failsafes. And, it’s not like an unlocked door is the same as automatically putting my TV on the curb with a free sign on it.

People still have to have the gumption to walk through said door, and if they are willing to do that - they are very close to be willing to break out a window to get in.