Image credit: TopMoving
In 2017, a Texas teen realized their neighbor had purchased a wireless printer. He also discovered their network was unsecured. Naturally, he began sending requests to wirelessly print a string of panic-inducing messages, including: “This is your printer. I have become self-aware. Run.”
It didn't take long for the neighbor to became frantic and toss his new printer to the curb, which the prankster gleefully picked up later. While this kind of innocent hack seems like an obsolete problem, a similar threat is returning as more people bring virtual assistants into their home.
Unlike wireless printers, it's not enough to simply secure your home network. Hackers have already figured out how to send subliminal messages through music through Alexa and Siri. Not to mention that the big tech companies behind the virtual assistants themselves are admittedly always listening.
By buying a smart speaker, are we really just opening a doorway to our home? By wiring ourselves to the world, are we also giving access to hackers, or worse, marketers? Here's what you need to know about smart speakers and security.
What’s the worst that could happen?
“Spies! High-tech eavesdroppers! Marketing puppets!” You've hear it all before. But let’s be real here. Most smart device users are well aware that their virtual assistants are transforming their search history, requests, and shopping preferences into marketable data. The exact same thing has been happening online for years. When you visit a website, accept cookies from a brand, or buy something on Amazon—you become an instant target for related ads.
Same thing, different medium.
While it's still an uncomfortable truth, there are much worse scenarios than having Amazon know you like purple shoes. A research group from University of California and Georgetown University showed it was perfectly possible to send hidden commands to Siri, Alexa, and Google Assistant through normal media. While you, an innocent human, would simply hear a music track or a YouTube video; your smart speaker could be hearing instructions to open a malicious website, buy something online, or unlock your front door.
The U.C. Berkeley team managed to generate hidden messages using Mozilla’s open-source DeepSpeech, and then embed them into music files and speeches. Humans would hear music or a phrase, but Google Assistant would hear the instruction to browse to evil.com. One of the researchers, Nicholas Carlini, told the New York Times that while these sneaky techniques haven’t left the lab yet, it’s only a matter of time before someone starts exploiting them.
What’s being done about it?
The top guns in the smart speaker industry are making it clear to the public that they’re not oblivious to the ill-intended uses of their products.
Amazon released a list of security measures for developers to follow on their website, and stated to NBC that they’re “taking measures to make Echo secure”. Google said they’re deeply focused on security and are working on features that will mitigate undetectable audio commands. Apple—although their HomePod isn’t as popular as the others—is already designed to prevent important commands (like unlocking doors) from being carried out if the user’s iPhone or iPad is locked.
Should we be worried?
As with everything new in technology, there must always be a degree of caution. We as users of smart devices also share the responsibility of protecting our own privacy. You can’t be surprised when Alexa knows your bank PIN numbers when you gave them to her yourself “so she could remind you.” As a general rule, don’t give your virtual assistant sensitive information until all the security kinks have been worked out. We have to be smarter than our smart devices.
Even if you’re tempted to toss your smart device out the window and furnish yourself with a tin-foil hat. Keep in mind that there’s a very bright side to all this. As more and more vulnerabilities are discovered, companies have the chance to fix them before others can take advantage.
We're all about smart security at VOICE Summit. From experts in cybersecurity to independent entrepreneurs showcasing their own virtual assistants with privacy as a priority, there'll be something for everyone. Interested? Save your seat here.