Stop, Amazon! I Don't Really Want To Buy That Dollhouse
Don't be surprised if you open your front door and find a dollhouse on the stoop. A San Diego TV station that was trying to tell viewers how to avoid such surprises did the opposite last week while reporting on Amazon Echo, the popular voice-activated, Internet-connected digital assistant.
A 6-year-old Dallas girl recently told Echo's Alexa operating system she wanted a dollhouse and cookies. Both were delivered to her door, and $160 was charged to her family's Amazon Prime account.
The story went viral and caught the attention of people like Jim Patton, an anchor at CW 6 in San Diego who said on the air, "I love this little girl, saying 'Alexa ordered me a dollhouse.'"
His remarks were broadcast into people's homes, causing Amazon Echoes across San Diego County to activate.
"We had people call the desk, reach out through our website and Facebook page," said Jon Brady, news director at CW 6. "As far as I know, no one actually had anything delivered."
The incident highlights the unexpected consequences of a powerful new technology that's still evolving.
"Ordering a dollhouse may be the least of our worries," said Stephen Cobb, a senior researcher in the San Diego office of ESET, a security company.
"People need to know that when they bring this technology into their home, they're getting something that listens. What does it listen for? And where does it send what it hears? People need to ask themselves that."
Cobb learned just how sensitive the system is when he bought an Amazon Echo for his home over the weekend.
"My wife said, 'I don't want that in the living room,' so I put it in the back bedroom," Cobb said. "Later, we were sitting in the living room and it heard us talking. It's got a very sensitive microphone, and its capacity to interpret what you say is very impressive."
Amazon introduced Echo in June 2015 as a way to cater to the needs of its customers, especially in their homes. The voice-controlled device can do everything from give people weather and traffic updates to play music, stream podcasts, answer questions and interact with other smart devices.
Consumers also can use the Alexa operating system to order products from Amazon, a service that helped make the device one of the company's best-selling products during 2016. Google jumped into the market in November, introducing a similar digital assistant known as Home.
Security hasn't been overlooked.
Amazon reminded the news media on Monday that Echo users need to verify a pending purchase by giving Alexa a "yes" response. If consumers want to cancel a mistaken order, they say "no." People also can turn off the feature that allows voice-activated purchases through Alexa or choose a setting that requires a code -- on top of a general verbal comment -- before Alexa initiates an order.
But Alexa cannot distinguish what is being said by different people. So the system had no idea it was talking to a child when the girl in Dallas recently ordered a dollhouse and cookies.
Alexa also finds it hard to distinguish between a direct command and the sort of remark made by CW 6's Jim Patton.
"I don't think that Amazon really thought through what would happen if people reported something like that on television," said Cobb.
Software engineers are expected to eliminate such flaws.
"There will likely be new developments to support voice authentication by voice print or some type of voice password," said Chris Simpson, director of National University's Center for Cybersecurity and Information Assurance.
"For example, a voice registration system may be implemented into these devices, similar to what banks use for clients to initiate large money transfers."
Gary Davis is optimistic about what's likely to happen next.
"I'm a huge advocate for leveraging technologies to deliver levels of automation and convenience that we only dreamed about 10 years ago," said Davis, chief consumer security evangelist at Palo Alto-based Intel Security.
"My wish for these companies is that they contemplate how to deliver those capabilities as securely as possible. For example, putting controls in place such as using a voice recognition biometric or another form of strong authentication to validate a purchase would make a lot of sense.
"I understand that this may take away from the ultimate inconvenience, but it would go a long way to giving consumers a better sense of control."