Today, there are more ways to keep our data safe and private than ever before. From password managers, to multi-factor authentication, to encryption everywhere, to bio-metrics authentication, to VPNs, to encrypted DNS. And yet, as the ways to keep your data safe increase or become more easily accessible, so do the ways in which we more freely give that very data away.
Though voice assistants are nothing new, their popularity has grown exponentially in the past couple of years. It makes sense. As the world becomes ever more connected, our ability to communicate is limited by our current input method of choice, typing. Typing is not as effective as speech because it is serial by nature, nor possible with some devices. In the early days, speech-to-text, and general spoken actions, were either too slow or too inaccurate.
Fast-forward to 2019 and speech input has improved dramatically. So much so, that speech has become an actual, equally-effective, means of input. Like most things in life, there is a beginning, a middle and an end. The care-free days of smart-speakers are gone. Malicious apps are beginning to make their way to smart-speakers, both Amazon-based and Google-based.
In the videos below, researchers were able to “infect” both Alexa and Google smart speakers through their official app stores.
This video show how said apps were able to eavesdrop without letting the user know.
This video shows how a generic error can lead a user to believe an update is necessary. Using the update requirement as a premise, a malicious app can subsequently request personal information from an unwitting user, like a password, credit card information, birthday, etc.
Smart speakers are here to stay, that is a fact. However, it is important that we place as much skepticism on them, as we do on our phone apps, and desktop applications.
