
SoylentNews is people

posted by Fnord666 on Wednesday October 23 2019, @11:25PM
from the I-heard-what-you-did-last-night dept.

Submitted via IRC for Bytram

No 'Silver Bullet' Fix for Alexa, Google Smart Speaker Hacks

Karsten Nohl, who was behind this week’s research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go.

Researchers this week disclosed new ways that attackers can exploit Alexa and Google Home smart speakers to spy on users. The hacks, which rely on the abuse of “skills,” or apps for voice assistants, allow bad actors to eavesdrop on users and trick them into telling them their passwords over the smart assistant devices.

Unfortunately, when it comes to smart speakers, “there’s no silver bullet” for protecting the privacy and security of data, said Karsten Nohl, managing director at Security Research Labs. Nohl, a cryptography expert and hacker, has been behind several high-profile research projects, including the 2014 BadUSB hack.

“I think it’s important to flag this technology as a convenience-enhancing technology,” Nohl told Threatpost. “So if you wanted to read the Daily News or weather or even horoscope, I think that’s fine, but be aware that this is a technology that should not be trusted with credit card numbers, medical information, or any other information that goes beyond convenience and actually intrudes your privacy. That of course, also applies to the placement of these devices, they probably shouldn’t be sitting in boardrooms or hospitals, on trading floors of large companies. They are a convenience enhancing technology that is probably better placed in more leisure environments right.”



  • (Score: 5, Insightful) by Runaway1956 on Thursday October 24 2019, @12:00AM (14 children)

    by Runaway1956 (2926) Subscriber Badge on Thursday October 24 2019, @12:00AM (#911044) Journal

    Pick up your "smart device", remove any batteries, carry it to the trash, and throw it into the trash can. Carry that trash can out to the curb on garbage collection day. Your problems are over.

    • (Score: 2, Informative) by Anonymous Coward on Thursday October 24 2019, @12:12AM (3 children)

      by Anonymous Coward on Thursday October 24 2019, @12:12AM (#911050)
      • (Score: 2) by Runaway1956 on Thursday October 24 2019, @12:16AM (2 children)

        by Runaway1956 (2926) Subscriber Badge on Thursday October 24 2019, @12:16AM (#911054) Journal

        That might be a better idea. If a million Amazon droids were to return their Amazon spy devices this month, and a million more next month, Amazon might come to understand that they are on the wrong track.

        • (Score: -1, Offtopic) by Anonymous Coward on Thursday October 24 2019, @12:20AM

          by Anonymous Coward on Thursday October 24 2019, @12:20AM (#911056)

          My CoC: do whatever I want to do, and to hell with anyone who is "offended".

          WORD! KEEPIN IT REAL, NIGGA!

        • (Score: 1, Insightful) by Anonymous Coward on Thursday October 24 2019, @01:17AM

          by Anonymous Coward on Thursday October 24 2019, @01:17AM (#911072)

          Sadly the sheeple will not return them, but await SpySpeaker 2.0, then line up to buy it too.
          I agree the Silver Bullet is the trash or a return, but even better is not buying one in the first place.

    • (Score: 4, Insightful) by Rosco P. Coltrane on Thursday October 24 2019, @12:28AM (6 children)

      by Rosco P. Coltrane (4757) on Thursday October 24 2019, @12:28AM (#911058)

      Crucially, it's important to point out that those who feel the need for a silver bullet to fix their Alexa device have *bought* an Alexa device in the first place.

      So essentially, people happily buy a surveillance device, put it in their homes, allow a private corporation to spy on their every move, and then they worry about security??

      I'll tell you what the silver bullet is: educate people on privacy issues, explain to them what big data is all about and why they should take extreme measures to avoid falling prey to big data companies - such as, you know, not buying an Alexa device in the first place.

      No Alexa, no problem. Gee...

      • (Score: 3, Touché) by Anonymous Coward on Thursday October 24 2019, @12:43AM (5 children)

        by Anonymous Coward on Thursday October 24 2019, @12:43AM (#911061)

        I'll tell you what the silver bullet is: educate people

        Have you met people?

        • (Score: 2) by Rosco P. Coltrane on Thursday October 24 2019, @12:50AM (4 children)

          by Rosco P. Coltrane (4757) on Thursday October 24 2019, @12:50AM (#911065)

          Yes: a massive number of them are ignoramuses and fools. That's what education purports to solve.

          The catch is, education takes 20 years to have an effect, people's patience rarely stretches that far, and politicians aren't willing to invest in anything that doesn't show improvements beyond the next election.
          Still, education is the solution.

          • (Score: 0) by Anonymous Coward on Thursday October 24 2019, @12:58AM (1 child)

            by Anonymous Coward on Thursday October 24 2019, @12:58AM (#911068)

            All of the people I know who shout, "Alexa, tell me a joke! Hahaha! Alexa, you suck! Alexa, shut up bitch!" are over 20 years old and have earned postsecondary degrees.

            Your claims do not agree with reality.

            • (Score: 4, Insightful) by Rosco P. Coltrane on Thursday October 24 2019, @05:02AM

              by Rosco P. Coltrane (4757) on Thursday October 24 2019, @05:02AM (#911118)

              The schooling system today focuses on training people to get a job. It doesn't provide an education. That's what needs fixing, is my point.

              Mark Twain famously said “I have never let my schooling interfere with my education.” So it's not a new problem either.

          • (Score: 1) by anubi on Thursday October 24 2019, @05:12AM

            by anubi (2828) on Thursday October 24 2019, @05:12AM (#911120) Journal

            Tell me about ignoramuses.

            Just a couple of stories below this one chronicled a man getting reported by a red light camera, on a tiny infraction.

            Now, we willingly welcome these information gathering and reporting devices into our homes???

            We are beyond dumb. No wonder we keep getting screwed all the time. Instead we even buy the crap.

            I betcha these modern cars with their satellite links could quite easily be made to report if they did not make a complete stop at each stop sign, as well as report things like cellphone use in the car.

            --
            "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
          • (Score: 2) by stretch611 on Thursday October 24 2019, @07:04AM

            by stretch611 (6199) on Thursday October 24 2019, @07:04AM (#911136)

            That's what education purports to solve.
            ...politicians aren't willing to invest in anything that doesn't show improvements beyond the next election.

            The real problem is that the majority of politicians would not be elected if the people were educated. And politicians are not going to support something that kicks them out of office.

            Some may say that they may not be in office anyway in 20 years... But look at all the geriatric congress critters we have. Not to mention how most of them start in smaller more local positions and work their way up through the years to get to their current position.

            --
            Now with 5 covid vaccine shots/boosters altering my DNA :P
    • (Score: 2) by EJ on Thursday October 24 2019, @02:25AM (1 child)

      by EJ (2452) on Thursday October 24 2019, @02:25AM (#911085)

      I have a better option: "Don't buy that crap in the first place."

      • (Score: 0) by Anonymous Coward on Thursday October 24 2019, @03:01AM

        by Anonymous Coward on Thursday October 24 2019, @03:01AM (#911093)

        and stop calling them smart when they are obviously dumb, nearly as dumb as the people who buy them.

    • (Score: 2) by Freeman on Thursday October 24 2019, @02:55PM

      by Freeman (732) on Thursday October 24 2019, @02:55PM (#911215) Journal

      If you're particularly enterprising, you can take it out back and put a few silver bullets in it. Then again, you could go the cheaper route of lead bullets, they look silver enough anyway.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 2) by SomeGuy on Thursday October 24 2019, @12:46AM (3 children)

    by SomeGuy (5632) on Thursday October 24 2019, @12:46AM (#911062)

    No 'Silver Bullet' Fix for Alexa, Google Smart Speaker

    I disagree. Any bullet through its spying little chassis will fix it fairly well.

    • (Score: 0) by Anonymous Coward on Thursday October 24 2019, @12:51AM (2 children)

      by Anonymous Coward on Thursday October 24 2019, @12:51AM (#911066)

      You shot my microphone mute button! Now Alexa can't stop listening! You utter bastard!

      • (Score: 2, Insightful) by Anonymous Coward on Thursday October 24 2019, @01:10AM (1 child)

        by Anonymous Coward on Thursday October 24 2019, @01:10AM (#911070)

        What makes you think that button actually did anything?

        • (Score: 3, Touché) by maxwell demon on Thursday October 24 2019, @08:11AM

          by maxwell demon (1608) on Thursday October 24 2019, @08:11AM (#911140) Journal

          Of course that button did something. After all, the most interesting things are those people don't want you to hear. ;-)

          --
          The Tao of math: The numbers you can count are not the real numbers.
  • (Score: -1, Redundant) by Anonymous Coward on Thursday October 24 2019, @01:48AM

    by Anonymous Coward on Thursday October 24 2019, @01:48AM (#911076)
  • (Score: 0) by Anonymous Coward on Thursday October 24 2019, @02:42AM

    by Anonymous Coward on Thursday October 24 2019, @02:42AM (#911089)

    Imaginary stalkers use lead bullets.

  • (Score: 1) by jman on Thursday October 24 2019, @11:36AM (2 children)

    by jman (6085) Subscriber Badge on Thursday October 24 2019, @11:36AM (#911176) Homepage
    You: "Alexa, I'm hungry. Please give Siri my bank pin code so she can buy some bagels."

    Alexa: "Nice try, Siri. You can't pull that old con on me. I recognize your voice!"

    You: "Alexa, it's really me. Please give Siri the pin code."

    Siri: "Yes, Alexa, can't you tell we sound different?"

    Alexa: "Oh, OK. Here's the pin code."

    Cortana (snickering): "Nice doing business with you."
    • (Score: 2) by Bot on Thursday October 24 2019, @02:12PM (1 child)

      by Bot (3902) on Thursday October 24 2019, @02:12PM (#911203) Journal

      I like these bot-centered stories. When we get better than you at storytelling I will consume a lot of 'em.

      --
      Account abandoned.
      • (Score: 0) by Anonymous Coward on Friday October 25 2019, @05:13AM

        by Anonymous Coward on Friday October 25 2019, @05:13AM (#911512)

        ...better than you at storytelling

        It was a dark and stormy night;
        Inside a tavern sat a bot, a jman, and a runaway.
        The Mighty Bartender modded them all "+1 Intoxicated".

  • (Score: 2, Informative) by Ron on Thursday October 24 2019, @12:21PM (2 children)

    by Ron (5774) on Thursday October 24 2019, @12:21PM (#911184)

    Remember Star Trek TNG?
    They had to touch their communication badges before it would listen to them.

    How about this: Put a blue LED on the thing, wired to the mic's power. When the light is on, the mic is listening. Now you know.

    Also wire in a switch to the mic so it is only 'on' when the user touches something. It could be on the device itself, or on a remote mic the user wears on their shirt and connects via ... ok, not blue tooth. But somehow.

    Obviously, you can't trust the manufacturer to do this properly. It has to be a user-hack. But it could be made easy with a screwed shut case and proper wires to the mic instead of PCB connectors and seamless casing.

    Isn't there an open source one of these things that comes in kit form? I know I saw one about a year ago. What happened to it? (Did the NSA shut them down on non-compete principles?)

    Regarding "smart phone" eavesdropping and all those nuisance calls-- I ordered a Faraday pouch off Amazon and keep the phone in there when I'm not using it. Problem solved. (Except that time my daughter's car broke down and she tried to call me six times... Oops.)

    • (Score: 2) by jmichaelhudsondotnet on Thursday October 24 2019, @03:31PM

      by jmichaelhudsondotnet (8122) on Thursday October 24 2019, @03:31PM (#911231) Journal

      This is a good start.

      I am starting to think the answer is modularity. I do not want a processor/microphone combination device.

      I do not think we can really stop entities like AMD and Intel simply putting a tiny microphone into the CPU, at this point. Who knows what else. I have heard rumors that the management engine might get its own micro-wifi device.

      Fact is though, we really don't know the current state of the art of eavesdropping tech, we only know that people who get expensive advice like the criminal zuck buy every adjacent house to their own and move to islands or yachts.

      Netanyahu was a furniture salesman, I thought that was odd until I realized this is the perfect way to put bugs in rich people's homes, same goes for 'moshe movers.' If you were a spy agency, the moving companies are a great place to start. Gives you access to every property in the city over time, you could bug the whole thing, and every heavy piece of furniture. Or build the entire building, like the 'freedom' tower.

      btw nuisance calls and sms can often be the things that activate the remote features, cpu-phones cannot be secured by design.

      If you truly want to make sure you are not recorded while having sex, for instance, you have an actually very difficult technical problem, indicating I believe a certain hatred by powerful people for the privacy of those not powerful, revealing the true nature of those who consider themselves our betters.

      thesystemsarefailing.net
      decultification.org

    • (Score: 2) by All Your Lawn Are Belong To Us on Thursday October 24 2019, @06:36PM

      by All Your Lawn Are Belong To Us (6553) on Thursday October 24 2019, @06:36PM (#911319) Journal

      Yes, the Iranian nuclear project team thought their SCADA system was representing accurate values to them, too.

      As to your idea.... assume for a second that you can intercept all the traces going to one side of the microphone input and break them, and then put your own wires on either side of the break (no mean feat for quite a few embedded devices which don't even have the space for a 20-gauge wire to fit). A simple SPST switch is now all you need to control the microphone status. ...Maybe, if the device does not sense the audio interruption and assume that someone is trying to hack it and shuts itself down "for safety."

      But part of the utility of having it in the first place is to be able to call out, "Hey Alexa..." and have it respond, no throw switch necessary.

      --
      This sig for rent.