HomePod is coming… should we be worried?

Anthony Caruana
31 January, 2018
View more articles fromthe author
AAA
News

This editorial was first published in our weekly newsletter. Subscribe to get Mac and Apple news delivered to your inbox each week.

Last week, Apple announced that its long-awaited HomePod – a Siri-enabled speaker – will be available for purchase next weekend (you can pre-order it now). Without any doubt, the sound quality coming from the HomePod will be excellent – engineering great hardware is something Apple does exceedingly well. But I have concerns around the software – particularly with Siri.

© Apple

When it comes to security, I’m quite paranoid. I spend quite a bit of time researching and writing about information security, so I’ve encountered the underbelly of some really nasty security flaws and data thefts. Apple has largely escaped these types of breaches and attacks unscathed. While a tainted version of Xcode was used to produce compromised software that was distributed through the App Store in China, and Apple didn’t pass the recent Spectre/Meltdown revelations without problems, it has still done a pretty good job of keeping its security book free of any black marks.

But just this morning I was reminded of a problem that I think could become an issue for Apple. I was using Siri to activate some new smart lights I’ve installed. Now, I did the usual invocation, saying “Hey Siri…” and it worked as expected on my iPhone. But Siri also activated on my Apple Watch.

Hopefully, the HomePod won’t do the same.

My bigger concern, however, is this: what if the HomePod mishears and thinks you’ve said “Hey Siri” when you didn’t? It will, for a short time, hear your words and send them to Apple’s servers for interpretation. Apple could accidentally collect snippets of your conversations without you noticing.

I get that this is a small issue, but it’s one that concerns me as we add more devices that are capable of listening into our homes, offices and cars. The software that powers these devices is not infallible. As I’ve said many times, software is created by humans and humans make mistakes. In software, error rates of between two and five errors per 1000 lines of code are common. And with modern software running millions of lines of code, that’s a lot of potential errors.

I’m not sure the HomePod is a specific problem. But the trend towards devices that can listen and interact does require us to change how we think about the gear we put into our homes. Last year, CloudPets was found to have extremely lax security. The company made toys that responded to children’s voices and were connected to the internet. It’s well worth looking up the story to learn about what happens when security is not core to the design of a connected device.

I’m not, by any stretch, suggesting Apple will behave in a similar way. Nor am I discouraging you from buying a HomePod. But do your homework and ask questions whenever you buy a connected device for your home or office.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us