Case3: Alexa: A Pandora’s box of risks

Assignment Questions
1. Which of the risks posed by Alexa are the greatest threat to Amazon and Alexa
users?

Amazon integrates Alexa, a voice or voice-first interface, into a variety of products,

including its own Echo smart speakers. It has more than 100 million customers who
use it for listening to music, checking the weather, requesting information, setting a
timer or alarm, requesting news, obtaining sports scores, playing games, home
automation, and many more purposes. Since Alexa constantly records users' speech
and has access to their homes and private time, it poses significant privacy and
security risks to its users. The following are the major threats that Alexa poses to
both its users and Amazon.

The threat from the hackers –

Alexa's ability to listen, record, and transfer data, as well as its access to a wealth of
personal data, makes it a prime target for hackers. Alexa was able to access personal
financial information, purchasing preferences, and daily schedules because
of addition of skills. The expanding ecosystem of Alexa-enabled devices and Alexa's
expanded visibility in home automation and home security introduced new security
risks. By breaching the security code, the hackers can get access to this information and
make the users vulnerable.

Alexa required no preface before the "Alexa" wake-up command. The ease of
unintentionally waking up the system posed a threat to privacy as well as personal
and financial security.

Since Alexa is controlled by voice, it responded to unidentified voices. This

introduced new weaknesses. This can be exploited by burglars, as well as by various
players via radios.

Alexa was able to detect sounds outside the range of human hearing. Although the
devices are not meant to handle ultrasound, if anything is put just outside the
human hearing range, the assistant can still detect it.

--Small changes to audio files can lead Alexa to interpret sounds differently than a
human would. These techniques might be attractive to hackers, especially when
owners of Alexa-enabled gadgets have not trained Alexa to respond to only one
person's voice.

if audio files are altered slightly, Alexa may interpret sounds differently than a
human would. These tactics may be appealing to hackers, particularly if the owners
of Alexa-enabled devices have not trained Alexa to recognise only a single voice.
 Voice squatting is a technique that could be used by hackers to deceive users into
providing them permission to access their personal data or to listen their
conversations.
--This is achieved by using a skill with a name that sounds very similar to a legitimate
application." Some of them include "Fish Facts" instead of "Phish Facts"; "Car Fax"
instead of "Cat Facts": "Capital Won" instead of "Capital One; and Rap Game"
instead of "Rat Game." Once opened, the skills can cause significant security risk.

Data custodianship - Amazon faces a significant challenge in determining how to

manage the data it collects from its consumers. Particularly how it should respond
when government officials request access to user data in connection with a criminal
investigation.

2. What could and should Amazon should do to ensure the security of its devices and
its customers’ data? How much responsibility should the company accept when
security breaches occur?

Security and privacy are the two biggest challenges facing the sector as it adopts AI
for its businesses and offers. The industry must overcome these concerns to
expedite client acceptance.
Amazon must take steps to safeguard the security of client information. Technology
will be the most essential instrument for achieving this goal. The technology must
become increasingly resilient so that it cannot be compromised by hackers.
In order to enhance the security of its devices and data, Amazon can also forego
some functions.
Amazon should have a transparent privacy policy that is accessible to users so they
are aware of who has access to their data. This will bring about openness.
They should also distribute a guideline for users to follow in order to prevent security
breaches. In the event of a breach, Amazon can determine the extent to which users
adhered to the standards. Consequently, they can assume liability for the security
violation.
If the users were found to have followed all of the rules, then Amazon must bear
responsibility for the security breach.

3. Some parents and educators are concerned that easy access to Alexa’s AI might
harm children’s development. Should Amazon takes action to address this concern?

Yes, Amazon should take measures to address the concern of children's

development while using Alexa, as neglecting these concerns could result in the loss
of this market sector. Also, this customer category is incredibly crucial to Amazon
because it helps them protect their future by attracting young individuals who may
become dedicated clients.
Amazon can modify how Alexa responds to inquiries when the child mode is on in
order to answer the concerns highlighted by parents and educators.
4. How can Amazon improve the accuracy of Alexa responses?

Alexa learns from the data it receives. To improve Alexa's performance, more and
more information must be provided to it. In addition to quantity, the quality and
variety of the data being given to the system are also crucial. Therefore, Amazon
should attempt to improve Alexa's ability to comprehend commands by familiarising
it with the accents and dialects of people from throughout the world. Once Alexa is
better able to understand and recognise commands, Alexa’s responses will also
improve.

5. How can Amazon improve the monetization of Alexa?

Amazon can improve Alexa's monetisation in the following ways:

They can sell customer data to online shops in order to enhance the product
recommendations and sales of online merchants.
They can place advertisements in Alexa services such as music and ask people to
subscribe to eliminate the advertisements.
Amazon can work with news agencies to announce news from a certain news agency
and charge the news agency for doing it.

6. What risk management framework/ risk response protocol that Amazon could use
for the crises related to Alexa?

The following steps must be followed in risk management:

Identify: Threats that can be troublesome for Alexa's stakeholders must be
identified; in this case, these include security and privacy difficulties, technological
issues, and data loss.
Measure:- The dangers can harm a variety of assets, including customer data, user
assets, and so on. The most problematic threats are data loss, followed by security
and privacy concerns, and finally technological challenges.
Manage:- Security and privacy issues are the most likely to occur, followed by
technical issues and finally data loss. Risks must be addressed based on their severity
and likelihood of occurrence. The immediate action might consist of issuing
consumer-friendly instructions to lessen security and privacy risks. The technical
threats can be mitigated by adding an additional layer of verification to all of Alexa's
operations. Additionally, cloud-based data backups help prevent data loss.
Monitor:- Here, all risk susceptibility is evaluated, monitored, and controlled by
taking the necessary precautions.
Report:- The risk management operations are reported for record purpose.