SoylentNews is people
SoylentNews
from the I-heard-what-you-did-last-night dept.
Submitted via IRC for Bytram
No 'Silver Bullet' Fix for Alexa, Google Smart Speaker Hacks
Karsten Nohl, who was behind this week’s research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go.
Researchers this week disclosed new ways that attackers can exploit Alexa and Google Home smart speakers to spy on users. The hacks, which rely on the abuse of “skills,” or apps for voice assistants, allow bad actors to eavesdrop on users and trick them into telling them their passwords over the smart assistant devices.
Unfortunately, when it comes to smart speakers, “there’s no silver bullet” for protecting the privacy and security of data, said Karsten Nohl, managing director at Security Research Labs. Nohl, a cryptography expert and hacker, has been behind several high-profile research projects, including the 2014 BadUSB hack.
“I think it’s important to flag this technology as a convenience-enhancing technology,” Nohl told Threatpost. “So if you wanted to read the Daily News or weather or even horoscope, I think that’s fine, but be aware that this is a technology that should not be trusted with credit card numbers, medical information, or any other information that goes beyond convenience and actually intrudes your privacy. That of course, also applies to the placement of these devices, they probably shouldn’t be sitting in boardrooms or hospitals, on trading floors of large companies. They are a convenience enhancing technology that is probably better placed in more leisure environments right.”
Listen to Threatpost’s full interview with Nohl, below, or download direct here.
(Score: 2) by jmichaelhudsondotnet on Thursday October 24 2019, @03:31PM
This is a good start.
I am starting to think the answer is modularity. I do not want a processor/microphone combination device.
I do not think we can really stop entities like amd and intel simply putting a tiny microphone into the cpu, at this point. Who knows what else. I have heard rumors that the managemenet engine might get its own micro-wifi device.
Fact is though, we really don't know the current state of the art of eavesdropping tech, we only know that people who get expensive advice like the criminal zuck buy every adjacent house to their own and move to islands or yachts.
Netanjayu was a furniture salesman, I thought that was odd until I realized this is the perfect way to put bugs in rich peoples' homes, same goes for 'moshe movers.' If you were a spy agency, the moving companies are a great place to start. Gives you access to every property in the city over time, you could bug the whole thing, and every heavy piece of furniture. Or build the entire building, like the 'freedom' tower.
btw nuisance calls and sms can often be the things that activate the remote features, cpu-phones cannot be secured by design.
If you truly want to make sure you are not recorded while having sex, for instance, you have an actually very difficult technical problem, indicating I believe a certain hatred by powerful people for the privacy of those not powerful, revealing the true nature of those who consider themselves our betters.
thesystemsarefailing.net
decultification.org