Digital assistants are devices designed to make people's everyday lives easier by controlling smart home systems, for example. Digital assistants are often voice-controlled and offer easy and intuitive ways of accessing digital services. Alexa, Google Assistant, Snips and Siri are all examples of digital assistant. More and more of the devices we have in our homes, such as smart TVs, come with a built-in voice assistant these days as an extra convenient feature. In cars, too, it is becoming rarer to travel alone: you will often have a digital assistant for company, which can give tips on the quickest route or cheapest petrol station.

Anyone who wants to use devices like these should get informed about certain things before they do so. After all, every time a digital assistant is used, this generates personal information, which is often stored in the cloud belonging to the corresponding service provider. Below is an explanation of how digital assistants work and what you should bear in mind when dealing with them.

How do digital assistants work?

Digital assistants that are controlled by audio signals process the voice commands given by users. An activation word or a non-voice input command, such as the press of a button, is usually required before an action can be executed.

First of all, the input is converted to text format (speech to text). The command is then processed – this is often done in the cloud, not on a local device. After that, the result is sent to the voice assistant, which either says it aloud (text to speech) or executes the associated command.

There is no reliable information available from most providers with regard to encrypted communications, secure servers or the responsible handling of user data. While the big players are still reliant on this kind of information processing behaviour, there are also new solutions coming onto the market, which process and use all the data generated by digital assistants locally on just one device.

What should you bear in mind in terms of data security?

The security of your personal data may be at risk if it is stored in the cloud. Information could be stolen or illegally copied, sold, analysed and used in blackmail attempts or fraud, for example. Therefore, before you use a digital assistant, it is important to find out what data they generate and what the associated risks are. You should also think about whether the benefits for you personally would be so great that they would outweigh any potential security risks or infringements of your privacy.

Local, decentralised systems can offer an alternative to cloud-based assistants, although they may have a more limited scope of functions.

Using digital assistants safely

Watch this video to find out how to set up digital assistants securely and what you should look out for when using them:

Bear in mind the following safeguards to minimise the security risks involved in using digital assistants:

• Prevent unauthorised access: Disable or switch off your digital assistant when you are not home. If possible, set up different voice profiles for the people who will interact with the device.
• Place your digital assistant in a suitable location: Place your digital assistant somewhere where it can only be used by authorised persons. It is not appropriate to position it in an open window, for example, if it is able to control a smart door lock.
• Secure with a PIN or password: Critical voice commands should only be executed and orders placed after a PIN code or password has been entered.
• Separate WLAN: It is often possible to set up a separate WLAN for smart devices like digital assistants via your home router. This means you can keep devices such as laptops or smartphones, which may contain sensitive personal data, separate from your smart home.
• Check the generated data: Regularly inspecting the stored data is a way of identifying whether your digital assistant is being misused. Data can be deleted if necessary.
• Modify your data protection settings: Data protection settings should be checked and modified to suit your particular needs.
• Trustworthy extensions only: Applications that implement functional extensions should always be obtained from trustworthy sources.
• Restrict interfaces to only those needed: Your digital assistant should only be connected to devices and accounts without which the system will not work. Sometimes it makes sense to create a new account to protect your personal data.
• Disable: In certain private situations, you may feel more comfortable if you switch your digital assistant off completely so it does not process any conversations.

Watch this video in which BSI expert Petra Hofmann gives an overview of digital assistants in terms of how to use them, how they work and what data security issues you should bear in mind: