How Secure Are We? // Voice is the Future — Issue #11
What do dolphins have to do with it?
Alexa, Siri, and Google Assistant can be controlled silently, without you even realizing it — BGR — bgr.com
The smarter our gadgets become, the more likely hackers will try to exploit them at any cost. With virtual assistants being all the rage these days, it’s not surprising that someone would find a way to control them remotely without the user having any idea, and that’s just what researchers from Chin…
As explained in a blog post written by MWR’s Mark Barnes, every Echo is equipped with 18 debug pads — metal ports that can be used to test different aspects of the operating system’s functionality — concealed under its rubber base. By connecting a malicious SD card to the right pads, a hacker gains complete access to the Echo’s operating system without any authentication required. This allows him or her to turn the Echo into an eavesdropping device, access the user’s Amazon account, and “basically do anything you want,” Barnes told the Telegraph — all without affecting the Echo’s normal functionality or leaving any trace of tampering.
In the report, titled, “Dolphin Attack: Inaudible Voice Commands”, the researchers said they were able to validate it on Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Amazon’s Alexa.
Using a technique called the DolphinAttack, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants. This relatively simple translation process lets them take control of gadgets with just a few words uttered in frequencies none of us can hear.
What you should know
HomePod, Echo, Google Home: How secure are your speakers? — CNET — www.cnet.com
Apple’s HomePod, Google Home and Amazon Echo all encrypt the voice recordings sent to their respective servers. But there are varying degrees of how they keep the data secret.
Anyone in your home can ask about information that you have made available to Google Home. To prevent others from accessing private information such as reminders and calendar entries from your Google Home, you can turn off Personal results in the Google Home app. This can be set device-by-device, so you can give a Google Home in your bedroom different access to your information than a Google Home in your kitchen.
-Not currently using your Echo? Mute it The mute/unmute button is right on top of the device. The “always listening” microphone will shut off until you’re ready to turn it back on.
-Don’t connect sensitive accounts to Echo On more than a few occasions, daisy chaining multiple accounts together has ended in tears for the user.
-Erase old recordings If you use an Echo, then surely you have an Amazon account. If you go on Amazon’s website and look under “Manage my device” there’s a handy dashboard where you can delete individual queries or clear the entire search history.
-Tighten those Google settings If you use Google Home, you’re already aware of the search giant’s appetite for data collection. But Google does offer tools to tighten things up. Like the Echo, Home has a mute button and a settings page online, where you can grant or take away various permissions.