Spy on the table: why are voice assistants dangerous?

The expert says voice assistants that are part of modern smartphones or smart speakers may pose a danger to their owner’s personal details. Since their primary purpose is to monitor the user’s audio instructions, they continuously listen to their atmosphere to “see” what’s going on nearby. What is the risk of robotic assistants elsewhere?

In an interview with Prime Agency, modern smart assistants, programmed to respond to user voice commands, continuously record the ambient room, which carries a range of threats, said Ashot Hovhannisyan, founder of the DLBI leak intelligence service. The truth is that audio recordings made by a smartphone or speaker are always submitted for content verification to the manufacturer’s repositories, where they will theoretically become attackers’ targets.

This technology is still limited, the expert said, and voice assistants do not always ‘understand’ how to respond to the instruction of the customer. This will relate to the fact that the alarm will turn off or the heating starts up in the smart house, which is operated by the assistant, when no one is there.

Records containing sounds that the machine does not know are frequently listened to by “assessors”-people interested with” marking “data for neural networks. Assessors are also not business staff and do not honor the requirements of secrecy. Particularly “interesting” recordings of sounds or conversations as a result of their work may even appear on the Internet, “the expert explained.

Interestingly, Bloomberg reported a comparable breach by Amazon, which has its own voice assistant, Alexa, last April. Then it became clear that not only do Amazon staff record meetings, but even listen to them, and then share them to make fun of them on the Internet. In addition, some Alexa users complained that the assistant first recorded their speech, and then mistakenly sent it to the user’s friends.

Oded Vanunu, head of security analysis at Check Point App Innovations, believes that voice assistants are ubiquitous, but not all consumers see them as a possible source of cyber attacks.

Apps using this application may provide access to multiple machines, as well as to the owner’s personal details. Check Point researchers recently found a flaw in the Alexa voice assistant, so fraudsters were able to monitor customer accounts and obtain access to their voice history and personal info.

Thus, in case of a successful attack, the hacker can use the victim’s confidential data for his own purposes, as well as listen to everything that happens around the device and control it without the owner’s knowledge.

We request that you read the user agreement carefully, in which the manufacturer determines what details it gathers and for what reason. The manufacturer is, of course, not only responsible for the non-disclosure of sensitive documents, but also for ensuring the protection of its devices. “For his part, however, the customer is responsible for timely device upgrades, which is the primary way to defend against cyber attacks,” said the Gazeta. Ru article.

As Elena Ageeva, senior consultant of the Jet Infosystems Information Security Center, confirms, voice assistants operate by design and gather details about what is happening around them using a microphone.

“All words that were spoken in the hearing range of the device’s microphone are transmitted to the developer’s servers for recognition and processing. Data leakage can spread snippets of conversations and information about the user’s location.

For example, it is possible to understand from the corresponding background noise or sounds that a person is in the subway, somewhere at a concert, at home, in the office or on the street.

Furthermore, the exposure of separate passwords, phone numbers, user addresses and other private details can not be removed, since they can be pronounced aloud by the system owner. Unauthorized surveillance of consumer communications can also be carried out, for example, for personalized ads, by system makers themselves,’ the specialist explained.

In the planet, there is no completely invulnerable program that is not exposed to outside interference, says Pavel Myasoedov, Intellectual Reserve collaborator and owner. Around the same time, the device can either be hacked pointwise, destroying the gadget of the customer, or it is possible to carry out a hacker assault on the services of the maker-which is more costly because it requires considerable planning and necessary expertise. As a consequence, consumer data ends up with third parties-voice recordings, sensitive records, company communications-which can use it on their behalf or sell it to fraudsters.

“Voice message leaks are especially dangerous for those who use the services of banks, which can identify the owner by conversation. There is a risk of losing money if the recordings from the voice assistant fall into the wrong hands, ”the expert explained.