Submitted via IRC for Bytram
No 'Silver Bullet' Fix for Alexa, Google Smart Speaker Hacks
Karsten Nohl, who was behind this week’s research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go.
Researchers this week disclosed new ways that attackers can exploit Alexa and Google Home smart speakers to spy on users. The hacks, which rely on the abuse of “skills,” or apps for voice assistants, allow bad actors to eavesdrop on users and trick them into telling them their passwords over the smart assistant devices.
Unfortunately, when it comes to smart speakers, “there’s no silver bullet” for protecting the privacy and security of data, said Karsten Nohl, managing director at Security Research Labs. Nohl, a cryptography expert and hacker, has been behind several high-profile research projects, including the 2014 BadUSB hack.
“I think it’s important to flag this technology as a convenience-enhancing technology,” Nohl told Threatpost. “So if you wanted to read the Daily News or weather or even horoscope, I think that’s fine, but be aware that this is a technology that should not be trusted with credit card numbers, medical information, or any other information that goes beyond convenience and actually intrudes your privacy. That of course, also applies to the placement of these devices, they probably shouldn’t be sitting in boardrooms or hospitals, on trading floors of large companies. They are a convenience enhancing technology that is probably better placed in more leisure environments right.”
(Score: 2, Informative) by Ron on Thursday October 24 2019, @12:21PM (2 children)
Remember Star Trek TNG?
They had to touch their communication badges before it would listen to them.
How about this: Put a blue LED on the thing, wired to the mic's power. When the light is on, the mic is listening. Now you know.
Also wire in a switch to the mic so it is only 'on' when the user touches something. It could be on the device itself, or on a remote mic the user wears on their shirt and connects via ... ok, not Bluetooth. But somehow.
Obviously, you can't trust the manufacturer to do this properly. It has to be a user-hack. But it could be made easy with a screwed shut case and proper wires to the mic instead of PCB connectors and seamless casing.
Isn't there an open source one of these things that comes in kit form? I know I saw one about a year ago. What happened to it? (Did the NSA shut them down on non-compete principles?)
Regarding "smart phone" eavesdropping and all those nuisance calls-- I ordered a Faraday pouch off Amazon and keep the phone in there when I'm not using it. Problem solved. (Except that time my daughter's car broke down and she tried to call me six times... Oops.)
(Score: 2) by jmichaelhudsondotnet on Thursday October 24 2019, @03:31PM
This is a good start.
I am starting to think the answer is modularity. I do not want a processor/microphone combination device.
I do not think we can really stop entities like AMD and Intel simply putting a tiny microphone into the CPU, at this point. Who knows what else. I have heard rumors that the management engine might get its own micro-wifi device.
Fact is though, we really don't know the current state of the art of eavesdropping tech, we only know that people who get expensive advice like the criminal zuck buy every adjacent house to their own and move to islands or yachts.
Netanyahu was a furniture salesman, I thought that was odd until I realized this is the perfect way to put bugs in rich people's homes, same goes for 'moshe movers.' If you were a spy agency, the moving companies are a great place to start. Gives you access to every property in the city over time, you could bug the whole thing, and every heavy piece of furniture. Or build the entire building, like the 'freedom' tower.
btw nuisance calls and SMS can often be the things that activate the remote features, CPU-phones cannot be secured by design.
If you truly want to make sure you are not recorded while having sex, for instance, you have an actually very difficult technical problem, indicating I believe a certain hatred by powerful people for the privacy of those not powerful, revealing the true nature of those who consider themselves our betters.
thesystemsarefailing.net
decultification.org
(Score: 2) by All Your Lawn Are Belong To Us on Thursday October 24 2019, @06:36PM
Yes, the Iranian nuclear project team thought their SCADA system was representing accurate values to them, too.
As to your idea.... assume for a second that you can intercept all the traces going to one side of the microphone input and break them, and then put your own wires on either side of the break (no mean feat for quite a few embedded devices which don't even have the space for a 20-gauge wire to fit). A simple SPST switch is now all you need to control the microphone status. ...Maybe, if the device does not sense the audio interruption and assume that someone is trying to hack it and shuts itself down "for safety."
But part of the utility of having it in the first place is to be able to call out, "Hey Alexa..." and have it respond, no throw switch necessary.
This sig for rent.