Are smart speakers listening?

1 December 2019

Smart loudspeakers, which enable convenient voice control at home, are equipped with microphones and listen in order to recognise and carry out user commands. These pioneering systems are becoming increasingly popular and widespread. While critics see the loudspeakers as possible monitoring devices, the futuristic-looking systems bring a trace of science fiction into our homes.

External extensions as a vulnerability for eavesdropping on users

Security researchers from Berlin examined the best-known voice control systems, Google Home (“Okay Google!”) and Amazon Echo (“Alexa!”), for possible vulnerabilities. Google and Amazon repeatedly assure us that they only process voice recordings after the devices have been deliberately activated. The researchers at “Security Labs Research” succeeded, however, in using both systems for unauthorized interception.

The Achilles heel of the assistance systems is applications from external providers. The respective ecosystems were only later opened up to external app developers via interfaces, so that they could be extended with new functions. In several stages, the researchers were able to extend such an app and turn an assistant that was actually only voice-activated into a permanent listening device. Even targeted eavesdropping for freely definable keywords was possible.

Listening as stage one, voice-phishing as the highlight

Monitoring users was not the end of it. On both manufacturers' platforms, the application could be changed in such a way that the loudspeakers actively asked for passwords. A security update was given as an exemplary reason for this. How many users would have questioned the request and not revealed their password?

Sensitisation of users and developers required

After the vulnerabilities were reported to the manufacturers, the affected apps were quickly removed, but whether the vulnerabilities could be permanently closed is still open. The fear that voice control systems could be misused to spy on sensitive information remains a worst-case scenario. A critical assessment of the benefits and possible risks is still recommended.

The results of the security researchers show that additional security mechanisms are useful to make misuse more difficult. Meanwhile, it might be useful to place smart speakers only in deliberately selected places and deactivate them when they are not in use.

