Recognize safety risks of virtual personal assistants
When Apple unveiled their virtual personal assistant, Siri, in 2011, they unwittingly opened the door for society’s growing dependence on such devices. Now, both Amazon and Google — multibillion-dollar companies — have similar technologies with capabilities that even While this new technology is certainly useful, it comes with a safety risk. In the past, this same technology was used in harmless marketing techniques, such as Burger King prompting Google Home to direct devices to the Wikipedia page for one of their burgers, the Whopper. An further detailed the advertisement and stated that Burger King did not work with Google on the ad and instead took it upon themselves to utilize Google Home’s voice controls. The inception of the ad led to Wikipedia users taking to the Whopper’s page to edit the contents. Shortly there after, the ad was changed to no longer activate Google Home devices. While this is a harmless use of the technology, it opens the door for conversation about cyber security, and it leads users to question what individuals with malicious intent might be able to do with this same technology.
According to , over the past two years, researchers in the U.S. and China have tested the ability to send signals to Siri, Alexa and Google Home that cannot be detected by the human ear. The researchers have been able to secretly manipulate the technology to open websites or dial phone numbers. Researchers from Princeton University and Zhejiang University in China demonstrated the capabilities of a “” — an inaudible command that modulates voice commands on ultrasonic carriers. The same New York Times article also discusses an experiment carried out by the University of Illinois at Urbana-Champaign that demonstrated the possibility of a “DolphinAttack” from 25 feet away, as well as a similar experiment from China’s Academy of the Sciences that demonstrates voice controls being embedded in songs.
Sadly, these are not just concerns stemming from a fear of technology; attacks on these devices have occurred in the past. In 2017, a hack known as BlueBorne managed to infiltrate several virtual home assistants, according to a . Bluetooth attacks of this sort allow hackers to compromise not just the efficiency of Bluetooth devices, but other devices in the home, as well. Once a hacker has access to one Bluetooth device, they can subsequently access other devices on the same network. To put this into perspective, both Google and Amazon store credit cards and addresses on file, and an attack on these devices puts people at risk of identity theft, or worse. While Google, Amazon and other companies patched the Blueborne vulnerabilities following the attack, who is to say that something like that cannot happen again?
The problem manifests itself in the growing reliance on technology. This is not to say that saving your password or credit card number on file in Google Chrome is an issue, but limiting the amount of vulnerable devices that have access to this information is a start. Even within the devices that one owns, it would be wise to look at the permissions that are actually embedded in the terms and conditions that several people barely gloss over before choosing to accept. In the light of the , more people should review just what information companies have access to and how and where it is stored. One such example is Google. According to , Google saves voice recordings every time a user asks a question using its virtual assistant. Though this information is saved to a page only accessible through the email address that the account is linked to, individuals might feel uneasy with the content that is being saved. Each individual has the responsibility to ensure that they are taking proper security measures, just as companies have the job of ensuring that their clients’ information is safe.
Security company Symantec published post on Nov. 20, 2017, detailing the steps that individuals should take to ensure their own safety when using devices like Amazon’s Alexa. It is recommended that devices not be connected to the front door or any home-security functions, and that individuals do not store any credit card information on these devices. They also recommend deleting saved recordings from time to time in addition to muting the device when it is not in use. Just as one protects their home, protecting sensitive information online should be taken seriously, despite the false sense of security that Google or Amazon provide.