The article in Engadget goes on about a couple in Oregon whom have been directly affected by this "storm in a tea cup".
Apparently the AI used by Alexa listens continually for it's activation keyword, in all conversations within earshot of the devices microphone.
The couple in question were luckily alerted by the husbands employee, who called him and shared the recording of the conversation sent to the employee by the Amazon Alexa AI.
The couple immediately reported the issue to Amazon and through their investigations and testing of the devices logs (stored in the cloud), determined that the events as dictated in detail, indeed occurred.
Amazon released a statement saying,
"Echo woke up due to a word in background conversation sounding like "Alexa." Then, the subsequent conversation was heard as a "send message" request. At which point, Alexa said out loud "To whom?" At which point, the background conversation was interpreted as a name in the customers contact list. Alexa then asked out loud, "[contact name], right?" Alexa then interpreted background conversation as "right". As unlikely as this string of events is, we are evaluating options to make this case even less likely."
More troubling however is a report that surfaced recently about hackers from Zheijiang University in China, who discovered a flaw in voice control products including Siri, Google Assistant, Samsung S Voice and Alexa, naming the attack "The Dolphin Attack"
The Dolphin Attack has shown that the flaw can allow for malicious action including operating the Smart Lock on your front door or opening web pages to malware sites.
The Dolphin Attack was shown to be effective in exploiting the vulnerabilities in items like smartphones, iPads, Macbooks, Amazon Echo even an Audi Q3 - all up, about 16 devices and 7 systems in total.
The researchers even claimed they were able to alter the GPS navigation on the Audi Q3.
The Dolphin Attack works by sending commands in ultrasonic frequencies that are too high for humans to hear.
Interesting too, I have personally witnessed the effects of activation of the Google Assistant function on my Android Smartphone, when it was plugged into my vehicle hands-free cradle as I was driving while operating the Google Maps function. A segment I was listening to on NPR (National Public Radio) was playing on my vehicle radio and when the reporter mentioned the activation command "Okay Google" or "Hey Google", my phone (which was running the Google Maps app), picked up the command and recognized the sound as another command (by me) and began executing that command.
These revelations are especially troubling today because many consumers are opting for the convenience of IoT (Internet of Things) connected devices, to augment their lives. The security flaws accompanying many of these modern devices could potentially make our homes, our vehicles, our workplaces significantly less secure than bygone times.
Working with your local locksmith to install mechanical or hardwired security products, that are not connected to vulnerable "smart" devices, may be the simple and yet still affordable/competitively priced solution to protecting your family, your workplace even your vehicles.
Most locksmiths around the world, will offer no obligation security appraisals and advice to keep you secure. they are just a phone call or email away. Your family, your colleagues and even your vehicles will likely appreciate your desire to keep them secure and protected.
(source...)
No comments:
Post a Comment
Locks210 encourages public discussion on articles of interest. Please feel free to post your opinion.
Posts are subject to moderation.