Increasing the privacy and security of virtual assistants

With the growing number of consumers choosing to add smart speakers to the devices within their home; attackers will likely begin to leverage this trend for their own nefarious purposes. Moreover, there has recently been an example of how these devices can inadvertently breach your privacy. Adding to this; security researchers have already demonstrated vulnerabilities showing that unintended actions are possible.

Researchers from Indiana University in Bloomington, the University of Virginia and the Chinese Academy of Sciences recently demonstrated the following vulnerabilities and their affects leading to Amazon and Google evaluating possible fixes or working on ways to mitigating them:

Scenario 1: Smart speaker has a 3rd party app “skill” installed which accepts an activation phrase (“Alexa” [follow by your choice of words]) very similar to other legitimate apps. It has the potential to hijack the connection

Scenario 2: Using a rogue skill; an attacker can eavesdrop on conversations and simulate returning control to a legitimate skill but instead carry on to gather further sensitive information from the user. Recent research carried out has had about 50% success with impersonating legitimate skills.

Scenario 3: Previous research back in April involved creating a skill that purposely fails to terminate after hearing the activation phrase

What steps can I take to make these attacks more difficult?
The advice below will not only make your device more secure but will also safeguard your privacy by ensuring data is not stored by the smart speaker vendor over a long period of time:

  • Regularly check for an install updates for your devices:

Amazon Echo Devices:
https://www.amazon.com/gp/help/customer/display.html?nodeId=202168870

Google Home Firmware Versions:
https://support.google.com/googlehome/answer/7365257?hl=en&ref_topic=7071995

Apple HomePod:
https://www.imore.com/how-install-software-updates-your-homepod

References:
Apple HomePod List of Privacy Features

Data security & privacy on Google Home

Some tips to guard your privacy while using the Amazon Echo

Some further steps to take to better secure your Amazon Echo

Apple releases its first HomePod software update, but no AirPlay 2 or pairing

Amazon Echo: Complete list of commands

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.