Is Amazon Astro safe? We asked two security experts to find out

Amazon unveiled a wealth of new products earlier this week, including a cool looking robot butler named Astro.

But with so many privacy concerns surrounding big tech firms, and their handling and use of customers’ personal data, the Amazon Astro’s arrival has led to more than a few questions about whether the product is safe.

Here to find out if you should be concerned about Amazon Astro, and if it’s a good idea to have one in your home, we asked security experts from McAfee and F-Secure what they made of the adorable bot before it goes on sale.

Here’s what we found out.

Could Amazon Astro be hacked?

F-Secure Security Consultant, Tom Gaffney, told Trusted Reviews, while the firm hasn’t specifically checked Astro’s hackability, it has detected numerous attacks on past Amazon products, indicating it will likely be a target and potential risk.

“For this device, it’s a little early to say. We would need to get our hands on one,” said Gaffney.

“[But] smart home products in general are awash with security flaws, from default or no credentials, to poor software updates process and exposed ports which allow remote access. F-Secure have in the past conducted hacks on all types of Smart goods from consumer cameras and baby monitors to hotel key cards and automotive systems.”

McAfee Vice President, Antony Demetriades mirrored Gaffney’s concerns, adding that any smart home device with a camera is potentially dangerous.

“When an IoT camera is able to drive around your home, it unlocks a potential backdoor for hackers to enter. There’s the risk that online criminals could use the camera to spy on consumers and gain access to their personal data,” he told Trusted Reviews.

“Smart devices like consumer robots will also often have a direct link to an individual’s smartphone or internet connection. This can allow them to gain access to our personal information, intimate moments in our lives, and even communicate with members of our family.”

Amazon Astro privacy concerns

Even if Astro isn’t hacked, F-Secure’s Gaffney said he still would be concerned about Astro’s data collection, given big tech firm’s like Amazon’s monetisation model.

“The issue with any device that collects data and, in this instance, super-detailed data about your home and everyone who visits it, is where does the data go and who controls it. Amazon generally has a pretty good security model but its privacy model is far more opaque. Who controls and will have access to the very personal data it collects is a cause for concern,” said Gaffney.

“Organizations like Amazon and Google are deliberate in making it hard to understand what happens to data you share with them. As the data collected by consumer robots is particularly granular, I would not be purchasing one. What it would take to change is a simple, clear commitment to data privacy and anonymization.”

Demetriades added that in the event users do purchase an Astro, or similar connected devices, they should take protective measures to be as safe as possible with their data.

“Safeguard your devices. Before you connect a new IoT device to your network, be sure to change the default username and password to something strong and unique. Hackers often know the default settings of various IoT devices and share them online for others to expose. Turn off other manufacturer settings that don’t benefit you, like remote access, which could be used by cybercriminals to access your system,” he said.

“[Also] make sure that your device software is always up-to-date. This will ensure that you’re protected from any known vulnerabilities. For some devices, you can even turn on automatic updates to ensure that you always have the latest software patches installed.  [Finally] unplug any and every smart gadget when not in use. When your devices are not on, there’s no vulnerability so, even with all the safeguards, remember to turn off devices not in use for that last layer of protection.”