27 June 2018
With more and more of us bringing the likes of Alexa, Siri, Cortana and Google Assistant into our homes to help us get organised and make everyday tasks a little easier, the thought of this seemingly family-friendly tech being vulnerable to attack and major operational flaws is somewhat disconcerting to say the least.
Amazon recently confirmed a report that one of its Echo devices actually recorded a family’s conversation without their knowledge and messaged it to a random person on their contact list, who just happened to be an employee of a family member. Luckily in this case it was a pretty innocuous conversation that was overheard.
“As mass adoption grows, there will be security challenges. What if your window is open and someone outside yells at Alexa to unlock the door? How do we stop hackers from taking control of these devices?” Alex Capecelatro, founder and CEO of Josh.ai
Chinese researchers have found vulnerabilities in each of the world’s most popular voice assistants. Using a technique known as the DolphinAttack, they took normal voice commands and converted them into ultrasonic frequencies that are far too high for the human ear to recognise, but perfectly clear for microphones or voice assistants. They were then able to feed the voice assistants a series of high-frequency commands.
This hack works on various devices. It has made a MacBook and a Nexus 7 open malicious websites, commanded Amazon Echo to “open the back door” – which it did. It even managed to get an Audi Q3 to change locations.
So not only do we have to worry about data breaches, these kind of hacks could also pose life-threatening dangers too.
For now, users can turn off their assistant’s always-on feature to avoid the vulnerability, but long-term there needs to be a better solution.
There’s also a worry for the business world, with the possibility of a massive push towards incorporating voice assistants into the workplace.
“Most companies should be cautiously evaluating the use and potential before implementing any voice system into major systems. There needs to be a period of testing and security validation or a business runs the risk of creating a new attack surface they are not prepared to deal with.” Chris Morales, Head of Security and Analytics at Vectra.
So the advent of the voice assistant in the workplace that is always there, listening and ready to respond, leaves IT security with a new area of employee training to develop and manage in order to protect against data breaches.
The importance of responsible computer recycling has never been more vital, if you want to keep your personal and organisational secrets to yourself and avoid a costly data breach. If your company is one that is committed to the ethical recycling of its obsolete computers and technology products, make sure secure and environmentally friendly computer recycling that adheres to proper recycling regulations is part of your consideration, to ensure ultimate data security. It’s also important to be aware that companies are now legally obliged to safely dispose of potentially sensitive information in accordance with current security laws and the Data Protection Act of 1998. Be sure only to use a computer recycling company that operates in accordance with, and preferably exceeds all government guidelines such as the WEEE Directive and the Data Protection Act.