Smart Devices: Let’s Get Real About Security
Google Assistant Voice Assistant Google IoT Security Smart Devices 18-05-22 Jenny Medeiros 4 min read
Did you ever hear about that prankster who sent ominous messages to their neighbor’s wireless printer?
If you haven’t, the short story is that after a Texas teen realized their neighbor’s network was unsecured, they made it their mission to wirelessly print a string of panic-inducing messages. Documents with phrases like, “This is your printer. I have become self-aware. Run.” Soon enough, the neighbor became frantic and tossed the devil printer to the curb (which the prankster then gleefully picked up).
You may be on the side of the prankster here, because honestly, who in this day and age doesn’t secure their wireless connection? But imagine if this kind of infiltration happened with smart home devices too. What if someone was able to send cryptic messages through your Amazon Echo, HomePod, or Google Home?
Image credit: TopMoving
By buying a smart speaker, are we really just opening a doorway to our home? By wiring ourselves to the world, are we also giving access to hackers? As our technology gets smarter, so will the gremlins of the IoT underworld.
But what’s the worst that can happen?
You’ve heard it before. “Spies! High-tech eavesdroppers! Marketing puppets!”, etc. But let’s be real here. Most smart device users are well aware that their oh-so-helpful Virtual Assistant (VA) is transforming their search history, requests, and shopping preferences into marketable data. It’s already happening when you visit a website or buy something on Amazon. Same thing, different medium.
But there are worse scenarios than having a brand know you like purple shoes. A research group from University of California, Berkeley and Georgetown University showed it was actually possible to send hidden commands to Siri, Alexa, and Google Assistant through normal media. While you, an innocent human, would simply hear a music track or a YouTube video; your smart speaker could be hearing instructions to open a malicious website, buy stuff online, or unlock your front door.
The U.C. Berkeley team managed to generate hidden messages using Mozilla’s open-source DeepSpeech, and then embed them into music files and speeches. Humans would hear music or a phrase, but Google Assistant would hear the instruction to browse to evil.com. One of the researchers, Nicholas Carlini, told the New York Times that while these sneaky techniques haven’t left the lab yet, it’s only a matter of time before someone starts exploiting them.
So what’s being done about it?
The top guns in the smart speaker industry are making it clear to the public that they’re not oblivious to the ill-intended uses of their products.
Amazon released a list of security measures for developers to follow on their website, and stated to NBC that they’re “taking measures to make Echo secure”. Google said they’re deeply focused on security and are working on features that will mitigate undetectable audio commands. Apple, although their HomePod isn’t as popular as the others, is already designed to prevent important commands (like unlocking doors) from being carried out if the user’s iPhone or iPad is locked.
Should we be worried?
As with everything new in technology, there must always be a degree of caution. We as users of smart devices also share the responsibility of protecting our own privacy. You can’t be surprised when Alexa knows your bank PIN numbers when you gave them to her yourself “so she could remind you”. As a general rule, don’t give your VA sensitive information until all the security kinks have been worked out. We have to be smarter than our smart devices.
Even if you’re tempted to toss your smart device out the window and furnish yourself with a tin-foil hat. Keep in mind that there’s a very bright side to all this. As more and more vulnerabilities are discovered, companies have the chance to fix them before others can take advantage. Researchers like Nicholas Carlini are essential in this preventative process, so instead of their discoveries instilling fear, they should make us feel relieved that the issue is known.
Nicholas Carlini himself will be speaking at VOICE, and he’ll be diving deep into this very delicate subject. There will also be countless other speakers giving their own insight and maybe even inspire entrepreneurs to create their own smart devices. Secure ones that don’t have to be connected to a big tech company to work. The future is in our hands, people.
Jenny Medeiros
Jenny is an engineer turned tech writer with hands-on experience in VR, AR, video game development, and UX-focused web design. Nowadays, she partners with tech companies to help explain emerging technologies simply. When she's not writing, she's likely daydreaming and forgetting her tea.