Re: The whole problem is the cloud mentality
Another problem: I'll bet the URI the voice data is sent to is hard-coded in that firmware. Hack the home router (and frequent Reg readers will know how secure those are), set a rogue DNS, and a malicious server can intercept everything it transmits. Knowing how well IoT devices are designed, there probably isn't any attempt to verify the identity of the server it's talking to.
The manual says it will automatically download and install software updates. Hopefully that process isn't vulnerable to the same sort of MITM attack.