LOS ANGELES (CBSLA) — Could you be spied on in your own home and not even know it?
Cameron McKay’s girlfriend was not pleased when she learned that he and his adult son Thomas were able to listen in on her inside her own home miles away — all by simply using the family’s Amazon Echo.
“I heard her screaming, ‘What the heck is going on?'” said McKay. “She sounded terrified as though someone was in her house.”
The optional Drop In feature for the Echo allows instant communication between the devices by simply saying the phrase, “Drop In on” and the device’s name.
2 On Your Side’s Kristine Lazar decided to test out the feature. Before meeting with the McKays, Thomas used Lazar’s phone number to locate her Echo. He then sent a request through the Alexa app, which Lazar accepted.
Within seconds, Lazar heard everything going on in her living room located nearly 100 miles away.
She could even hear her children.
“Hi, guys,” said Lazar.
“Hi mama,” came the response from the Echo.
The only thing that alerted Lazar’s Echo device to the Drop In feature was a little beep and a green-lighted rim around the top of the device.
Tech security expert Hemu Nigam says users won’t always notice when the feature is activated.
“You could be sitting and reading a newspaper or looking the other way, and you might not notice or hear,” he said. “I can literally press a button and be inside your home and listen to what’s going on in that moment of time.”
The good news, he says, is that the device’s owner must approve a request to activate the Drop In feature.
But according to Nigam, the Echo — like all internet devices — is susceptible to hackers.
“If a hacker takes control of your device, they can in essence do anything you can do,” said Nigam.
That includes dropping in on your family and friends: when you log into your Alexa app, anyone in your phone’s contact list will show up if they have an Echo.
In the case of Cameron McKay’s girlfriend, since her Echo is included in part of his “household” — meaning the devices are already linked — she never had to accept a request in order for him to drop in.
“You just gotta be aware,” McKay said. “Be aware of what this thing can do.”
In a statement, Amazon told 2 On Your Side: “We limit the information we disclose about specific security measures we take”, adding that “We have taken measures to make Echo secure.”
Amazon also pointed out the Drop In feature is automatically disabled on Echo devices until the user turns it on. At any given time, users can mute Drop In by asking Alexa to turn on the “Do Not Disturb” function and that both parties must consent to using Drop In.
As for the risk of having your Echo device hacked, Nigam says despite any safeguards put in place by Amazon, users need to be aware of what they’re getting into when they allow family and friends to use Drop In.
“Is this similar to a ‘Knock knock, are you home?’ or is this a ‘Walk in because I have the key’,” he said. “And this falls into the ‘Open the door, walk in ’cause I have the key.”