Blog

Is Your Smart Assistant Undermining Your Security?

Is Your Smart Assistant Undermining Your Security?

Smart assistants commonly appear in the office and home, so much so that the novelty seems to have finally worn off and they are now just another appliance—and, like any other appliance, there are a few quirks that can be frustrating to deal with. For instance, anyone living around these devices has shared a particular experience: the device registering something as a wake word that certainly wasn’t meant to be the wake word.

While this may just seem to be a mildly amusing annoyance, this phenomenon has some concerning security ramifications. Let’s discuss how deep the rabbit hole goes, and what the impact could be to your security.

What Do Our Smart Assistants Actually Hear?

You’re certainly aware by now of how these smart assistants work. A small device lives in your home or office, either as a standalone device or piggybacked into your phone or other appliance. With a simple voice command, assorted information can be shared or activities can be completed with little effort. By default, this voice command is dictated by which device is being used:

  • Amazon Alexa devices respond to the term “Alexa,” ”Computer,” ”Amazon,” or “Echo.”
  • Google Home devices wake up to “Okay/Hey, Google.”
  • Apple’s Siri responds to “Hey Siri.”
  • Microsoft’s Cortana reacts to its name, “Cortana,” or “Hey, Cortana.”

However, we’ve all also seen examples of these smart assistants picking up other sounds when we aren’t expecting it to react. How often have you seen someone say something, only to be interrupted as their smart assistant responds?

To be honest with yourself, how often have you been the one to say the wrong thing and trigger an out-of-context response?

You are far from alone. Many people have done the same, and there are some legitimate security concerns paired to this phenomenon. In fact, these incorrect wake words have even inspired academic research.

The Research

In their report, Unacceptable, where is my privacy? Exploring Accidental Triggers of Smart Speakers, researchers used a variety of smart devices to listen to various samples of audio material, including popular television shows like Modern Family and Game of Thrones, news broadcasts, as well as the professional audio data used to train these speakers.

With this approach, the researchers analyzed when the terms that successfully activated the assistants were spoken, ultimately generating a list of over a thousand audio sequences. From there, they were even able to break down the words into their individual sounds and identify other potential false triggers that also activated the voice assistants.

For instance, depending on the pronunciation of the word, the following substitutions awakened the voice assistants:

  • Alexa devices also responded to “unacceptable” and “election,” while “tobacco” could stand in for the wake word “Echo.” Furthermore, “and the zone” was mistaken for “Amazon.”
  • Google Home devices would wake up to “Okay, cool.”
  • Apple’s Siri also reacted to “a city.”
  • Microsoft’s Cortana could be activated by “Montana.”

This phenomenon was not only found in devices trained in English, either. Speakers set to German and some from Chinese manufacturers set to Chinese were also tested, with some samples being more resistant to accidental activation, while some new examples proved very effective—for instance, the German phrase for “On Sunday” (“Am Sonntag”) was commonly mistaken for “Amazon.”

What This Means to Privacy

While the results of this study are fascinating, the true purpose is more disconcerting. Let’s go back to the way these assistants work.

As we said, once the wake word or phrase is recognized by the device, it actively begins listening. In an ideal world, the assistant would only recognize the predetermined words and activate when those specific words were spoken. However, we know that isn’t the case, as this study proves.

So, now we have a situation in which there are devices scattered around, waiting for something close enough to their trigger word to register. Keep that in mind.

We have also mentioned that this data is transcribed and reviewed manually to check for accuracy, which means that another person could potentially be given access to the recording. While we obviously can’t say that we know that one of these people could use this access to their own, personal advantage, we also can’t say that we know they wouldn’t.

Let’s put together a scenario: you’re on the phone with a coworker, talking about a client. Your coworker needs access to the client’s data, so you give them the access credentials to do so. Trouble is, at some point in the conversation, your smart assistant heard a potential trigger word and started recording.

As a result, there is now a recording of your client’s account credentials in the cloud, and potentially being anonymously reviewed by a complete stranger. Setting aside the workplace for a moment, how easily do you think it could be that a smart assistant could pick up some other piece of juicy or embarrassing personal information?

While we aren’t trying to scare you away from using smart speakers, we are trying to demonstrate how important it is that you use them mindfully. There unfortunately is not an option to use a customized word to register that the speaker should listen in (as of yet), so for right now, just try to be more aware of what you’re saying when you’re within “earshot” of them. That, and you should make it a habit to disable the device when not in use, and especially when discussing sensitive information.

For more technology tips, best practices, and security advice, make sure you subscribe to our blog!

Related Posts

Security is a major part of any business, and if there isn’t a diligent approach to the implementation of it, you can be left with huge holes in your network. This month, we thought we would discuss some of the best practices you can take to make sur...
If you’ve been reading this blog for any length of time, you’ve seen us reference a phishing attack. Whether you are being asked by some supposed Nigerian prince to fork over money or you are getting an email by what seems to be your bank that direct...
Since 1982, the technology known as the Internet of Things has given the devices around us greater capabilities through artificial intelligence and Internet connectivity. While this technology spent a long time existing under the radar, so to speak, ...
It’s important to note that all parties involved in patient care (including the patient) benefit from the Electronic Health Record (EHR). These systems are now fundamental to a successful health maintenance system. As more technology is developed tha...
The Cybersecurity and Infrastructure Security Agency (CISA) has released an emergency directive concerning a critical exploit known as Zerologon, that affects servers running Windows Server operating systems that needs to get patched as soon as possi...
While it may sound strange coming from a managed service provider, there is some wisdom to the adage, “if it ain’t broke, don’t fix it.” We know, we know… it sounds a little hypocritical for us to say something like this, when we spend so much time t...
What if I were to tell you that, by the time you finished reading this sentence, all personal data in existence was exposed? If every text sent, every Google search executed, every website visited, everything we had ever done online, was made public?...
Telework has become crucial for businesses to sustain themselves right now, as remote work became a hard and fast requirement in the face of the coronavirus. However, if businesses aren’t careful, they could trade one issue for another in exposing th...
Professional services include some of the oldest professions in the world, and some of the newest. Regardless of what kind of professional services business you run, it is hard to continue to meet your customer’s needs without incorporating some tech...
After dealing with months of regrettable news, a lot of businesses are trying to find the right strategy to navigate all the challenges their road ahead presents. With costs rising and revenues shrinking, there needs to be a strategic urgency that wi...
When we think of cybercrime, most people’s minds go to one of two places. On the one hand, some think about the annoying, misspelled emails that are so obviously scams, while on the other, we can’t help but think about the hacks that we see in movies...
Ransomware is the scariest type of malware out there. It can have a myriad of negative effects on a business, yet it seems to still be on the fringe of the mainstream. Today, we thought we would give somewhat of a refresher course on ransomware. ...

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our office in NH.  For locations outside of our service area, we will manage a local vendor to provide onsite assistance when needed.

 

Onsite Computer Support Services are available to businesses within 100 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

 

White Mountain IT Services
33 Main Street, Suite 302
Nashua, New Hampshire 03064

 

603-889-0800

map nashua4 1

 

Open Positions