How Can We Secure Our Use of Smart Assistants?

How Can We Secure Our Use of Smart Assistants?

Smart assistants are one of the most intriguing and confounding technologies developed over the past decade. At the time of this writing, over 150 million smart speakers are in 60 million homes in the United States, when you add in the smart assistants available on mobile devices and other various smart devices, you’re talking a billion people actively using some type of smart assistant. Over the past couple of years, you’re beginning to see these assistants being used more for business and this has made certain security-minded people a little weary of them. Let’s take a look at some of the security questions surrounding the smart assistants.

What Do Our Smart Assistants Actually Hear?

We all know that person that claims that the smart assistants are being hacked into by the government and they are listening into our conversations. For the majority of us, that conspiracy doesn’t make a whole lot of sense. That said, these devices do listen, when they are prompted to. Here is how to trigger four of the most popular assistants: 

  • Amazon Alexa devices respond to the term “Alexa,” ”Computer,” ”Amazon,” or “Echo.”
  • Google Home devices wake up to “Okay/Hey, Google.”
  • Apple’s Siri responds to “Hey Siri.”
  • Microsoft’s Cortana reacts to its name, “Cortana,” or “Hey, Cortana.”

There have, in fact, been instances where these smart assistants, and especially with the smart speakers, pick up some things they weren’t supposed to. If you have one of these speakers in your home, there have to be some natural security concerns, but they probably aren’t from the manufacturers. 

The Analysis

Researchers looked into the question of what exactly these smart assistants hear and formed a paper titled, Unacceptable, where is my privacy? Exploring Accidental Triggers of Smart Speakers. They analyzed when the terms that successfully activated the assistants were spoken, finishing with over a thousand phrases. They then further analyzed them into their phonetic sounds to try and ascertain why there were so many false positives. 

Depending on how a user pronounced a word, some triggers were found, including:

  • Alexa devices also responded to “unacceptable” and “election,” while “tobacco” could stand in for the wake word “Echo.” Furthermore, “and the zone” was mistaken for “Amazon.”
  • Google Home devices would wake up to “Okay, cool.”
  • Apple’s Siri also reacted to “a city.”
  • Microsoft’s Cortana could be activated by “Montana.”

Of course, these assistants are used on devices all over the world, and as a result found that when used in other languages had a lot of the same issues. For example, the German phrase for “On Sunday” (“Am Sonntag”) was commonly mistaken for “Amazon.”

What Does This Mean for Individual Privacy?

Even with the interesting nature of this analysis, the findings are a little more disconcerting. The study shows that once the wake word or phrase is recognized by the device, it immediately starts listening for queries, commands, and the like. So even though they claim to only start listening when prompted to, several different iterations of phrases can cause the assistant to start listening.

The complications don’t end there, since the data is reviewed manually by people—which already destroys any notion of privacy—one of those technicians could potentially be given information that wasn’t intended to be captured by an assistant. This could potentially be devastating if the technician whose job is to manually check this information were to gain access to account information or some other PII and use it in an unethical way.

The smart speaker, and smart assistant are useful products that need a little more refinement before we can completely trust them. To learn more about new technology and how it is being used, check back to our blog regularly.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, October 29 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Productivity Business Computing Privacy User Tips Email Cloud Microsoft Network Security Efficiency Hosted Solutions Business Hackers Software Computer Data Workplace Tips Malware Hardware Communication IT Services Google Small Business IT Support Cloud Computing Internet Smartphone Mobile Devices Mobile Device Tech Term Android Data Recovery Managed IT Services Users Backup Innovation Ransomware Phishing Outsourced IT Windows VoIP Saving Money Information Upgrade Smartphones Data Backup Social Media Miscellaneous Disaster Recovery communications Windows 10 Facebook Business Continuity Cybersecurity Office 365 Business Management Server Network Browser Microsoft Office Passwords Productivity Quick Tips Managed IT Services Data Management Windows 10 Internet of Things Word Managed Service Vulnerability App Remote Monitoring Apps Analytics COVID-19 Gmail Gadgets Collaboration Money Conferencing Save Money Encryption Infrastructure Artificial Intelligence Government Remote Work Chrome Managed Service Provider Mobile Office IT Support Tip of the week Spam Information Technology Remote Workers Employer-Employee Relationship Networking Website Google Drive VPN Access Control Applications Paperless Office Router Virtual Reality Settings Company Culture BYOD Maintenance Firewall Display Avoiding Downtime Development Document Management WiFi Employee-Employer Relationship YouTube Operating System Antivirus Risk Management Robot HIPAA BDR Office Tips Bandwidth Content Filtering Automation IT Management Data Security Education Business Technology Apple Storage Virtual Private Network Big Data Unified Threat Management Computers Hacker Data storage Retail Alert Two-factor Authentication Managing Stress Managed IT Service Computing Outlook Managed Services Customer Relationship Management Scam Bring Your Own Device Social LiFi Vendor Management Break Fix Wireless Hosted Solution Monitors Solid State Drive Humor Administration Chromebook OneNote Best Practice Search Training Data Breach Mouse Mobile Security Windows 7 IT Hard Disk Drive Software as a Service Laptop Going Green End of Support Social Network The Internet of Things Server Management Remote Computing Touchscreen Compliance Business Intelligence Managed IT Printing Data loss Password SaaS How To Downtime Tablet Wi-Fi Marketing Telephone Systems Regulations Holiday iOS Virtualization desktop MSP Augmented Reality Memory Address Permissions Computing Infrastructure Professional Services Analysis Students Inventory Social Networking Human Error Politics Battery Patch Management Star Wars Scalability Halloween Asset Management User Error Chatbots eWaste Virus Alt Codes Nanotechnology Utility Computing Spyware Customer Service Wearable Technology Network upgrade Updates Uninterrupted Power Supply Work/Life Balance Peripheral Specifications Cables Device Reducing Cost Computer Care IBM Health Private Cloud Alerts USB Mixed Reality File Sharing Budget Office Samsung Shadow IT Heating/Cooling Multi-Factor Security Motherboard Tech Support Files Fraud Cost Management Migration Consulting Scary Stories Memes Time Management Printer Identity Continuity LED Threats Typing Black Friday Screen Reader Charging Laptops Running Cable Identity Theft Current Events Smart Office PowerPoint Management Wires Mobility Batteries Corporate Profile Emergency Licensing Dongle Buisness Social Engineering Gamification Servers Google Calendar Websites RMM Dark Web Assessment Sports Automobile Twitter Network Management Solar Co-Managed IT Virtual Desktop G Suite Cryptocurrency Cyber Monday Smart Tech Managed Services Provider IT solutions Work Onboarding GDPR Dell Google Docs Policy Voice over Internet Protocol Print Toner Myths WannaCry Hacks Cooperation Service Level Agreement Slack Hard Disk Drives Cabling Safety Legislation Bitcoin Banking Microsoft Excel Hotspot Internet Exlporer Messaging Google Maps Google Wallet Holidays SharePoint Content Huawei Smart Technology Connectivity Entertainment Vendor Network Congestion Distribution Techology IT Technicians Optimization Digital Signage Data Warehouse Business Growth Procedure Modem FinTech Shortcuts Mobile Management Cybercrime Lenovo Staff Leominster Monitoring Solid State Drives Legal Statistics Windows 8 Mail Merge Blockchain Language Value Employee-Employer Relationships Unified Communications Drones Writing Payment Card Downloads Streaming Processor PCI DSS Shortcut Distributed Denial of Service IoT Hybrid Cloud Digital Payment Logistics VoIP Unified Threat Management Mirgation Recycling Troubleshooting Business Analysis Cookies Security Cameras Profiles Digital Mobile Device Management Dark Data Update Firefox Superfish K-12 Schools Spying National Security Meetings Disaster Deep Learning Bluetooth Comparison Cleaning Computer Repair Relocation Mobile Data Printers CCTV Mobile Computing Recovery Webcam How To Error Black Market Point of Sale Ben McDonald shares Law Enforcement Electronic Medical Records Travel Notifications Physical Security Financial Regulation Supercomputer CrashOverride Emoji Upgrades Gadget Staffing Motion Sickness Crowdsourcing Personal Information Botnet Administrator Taxes IT Budget Cortana Web Server what was your? 3D Printing GPS IT Consultant Machine Learning Reviews Processors Cameras Unsupported Software Tracking

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3