Security of smart columns

2020

Voice assistants can lead to date leaks

Voice assistants can lead to date leaks. It became known on September 23, 2020.

The voice assistant is dangerous that he constantly listens to surrounding space waiting for commands and hears everything that is told and occurs nearby.

At the same time most of assistants send a part of an audio stream on servers of the companies-razrabochikov where data are stored beyond all bounds long and in the long term can do essential harm. The founder of developer company of DLP systems and software for protection against DeviceLock date leaks Ashot Oganesyan told about it.

The expert considers that as the neuronets recognizing voice commands are guided by a fuzzy logic, inadequate actions of a virtual assistant are quite possible. And if at the same time it manages, for example, the smart house or a security system, these actions can cause the actual damage. For example, signaling will be turned off or in the empty house heating will begin to work.

At the same time Oganesyan noted that self-contained specialized units, such as audiocolumn, collect, generally audiothese, but voice assistants who are built in computers or smartphones have access to all data of the operating system.

It is how safe to use the voice assistant, everyone should solve itself, proceeding from the understanding of things which happen to it and which he would like to leave private, the expert concluded^[1].

Prohibition on use of smart columns at work for the British government employees

On July 17, 2020 the government of Great Britain prohibited public servants to use smart columns during the meetings. Prohibition concerns officials who are forced to work from the house in connection with quarantine measures because of COVID-19 pandemic.

According to the Business Insider edition, public servants should or disconnect smart columns, for example, Amazon Echo or Google Nest, or to move away them from the room when holding meetings. As many switched over to the strengthened operation mode, need for security, obviously, amplified.

One of officials reported to Business Insider what he was told literally to send its smart column to a garbage can. Meanwhile other official noted that such approach to work practices already for a long time.

In Great Britain government employees are forbidden to use smart columns at work

Intellectual columns, such as Echo and Nest, gradually turn into indivisible element of everyday life of many people as users of smartphones got used to ask for the help digital assistants - Amazon Alexa or Siri Apple. Government employees are forbidden to use such devices during the meetings for the reason that the gadget can be activated even having recorded the wrong command, record background the speech goes afterwards to servers.

Earlier the Bloomberg agency reported that the staff of Amazon sometimes listened to the records Echo without the knowledge of users where something delicate could be discussed or even over confidential.

Besides, on July 16, 2020 it became known that the government of Great Britain is going to introduce new requirements for safety of use of intelligent devices, in particular requirements will concern reliability of the set passwords. Producers of smart devices will have to provide functionality thanks to which consumers will be able to announce existence of vulnerabilities and to control updates for security.^[2]

Councils for security from Roskachestva

Councils will concern a smart column below — one of the most popular components of the smart house:

• if there is such option, consider the possibility to refuse exchange with the producer of the records used for improvement of service and shutdown of "the personalized search results";
• switch-off devices when they are not used. It is better not to discuss confidential subjects in the presence of a smart column;
• turn on email notifications to monitor attempts of unauthorized access or Internet purchases. Absolutely ideal will not tie the main account connected with means of payment to columns.
• The danger of smart devices is also that they change "firmware" of the owner. So, for example, with the smart device it is possible to forget about need to switch off the iron independently, and, having arrived to hotel or on a visit, having used the "stupid" iron, it is possible not to switch off it on the automatic machine.

Dialogs from series can include the digital assistant

Smart columns like Amazon Echo, by HomePod Apple and Google Home can be activated when viewing TV series and spy on users. Specialists of Northwestern University (USA) and Imperial College London^[3] based on the made experiment^[4] came to such conclusion ^[5].

During the experiment researchers within 125 hours reproduced content of Netflix and watched whether phrases from dialogs in series will be able to activate digital assistants in Google Home Mini devices of first generation, Apple Homepod, Harman Kardon (Cortana) and Amazon Echo Dot. Their purpose was to find out whether write smart columns accidental sounds from the environment and if yes, that how and when it occurs. Also researchers tried to reveal the patterns which are based on the certain words which are not intended for activation of the assistant, certain types of dialog, location and other factors.

During the research specialists reproduced TV series of Netflix of different genres and on different subjects with a large number of dialogs. They repeated tests several times with the purpose to define what words, unappropriated for awakening of the assistant, regularly activate columns.

As it became clear during the experiment, the assistant is accidentally activated up to 19 times a day, at this Siri and Cortana are most of all inclined to accidental records of surrounding sounds. Most often assistants were activated when viewing TV series of Girl of Gilmore and Office.

Researchers also revealed some patterns in what words, unappropriated for the assistant, can activate it. For example, it were the words which are rhymed with the words of activation (in particular, Amazon Echo accepted a phrase of "kevin's car pro Alexa").

2019: Management of voice assistants in smart columns using ultrasound

On December 17, 2019 it became known that the Japanese engineers developed a method of imperceptible management of voice assistants in smart columns using ultrasound. They suggest to emit ultrasonic fluctuations with such parameters that in process of distribution in air they change and near a column turn into heard, but noticeable only for the people located closely to the device. Article about development is published in IEEE Transactions on Emerging Topics in Computing.

Modern voice assistants are connected with the account of the user and have access to personal data and also an opportunity to manage other devices. All this does them by convenient tools in everyday life, but together with it increases their value in the opinion of malefactors therefore researchers in information security field of steel actively develop in recent years methods of cracking of voice assistants to create protection against such interventions. At the same time generally they investigate not standard methods of software cracking, but uncommon methods based on features of distribution of a sound.

For example, some researchers suggested to use ultrasonic commands which turn into heard in the microphone, to cipher imperceptible commands in already heard audio recordings or to form teams using the laser beam directed to the microphone. From these three approaches only the first provides imperceptible to the person the attack, but he is sensitive to distance to a column and also to the level of surrounding noise.

Researchers under the leadership of Tatsuya Mori from Waseda University used ultrasound as a basis too, but applied it otherwise thanks to what it not so depends on distance and features of microphones of a smart column. For this purpose engineers used an array from narrowly targeted parametrical ultrasonic loudspeakers.

The scheme of spontaneous demodulation of a sound in air

Using amplitude shift keying the initial sound command is coded in ultrasonic fluctuations at a carrier frequency and sidebands of frequencies. In process of distribution of waves from loudspeakers to the purpose (column) the sound is spontaneously demodulated because waves extend in the nonlinear environment (air) because of what the fluctuations heard to the person, but directed are formed. At the same time because of distribution in wave air gradually fade. As a result of lengthways straight line from loudspeakers towards a column the area at which there is a sound heard for the person and a column is formed, and parameters of this sound and area can be managed. In addition to the scheme with one loudspeaker researchers also learned to create in this way a sound on intersection of directional radiation of two arrays of loudspeakers.

Two schemes of creation of unheard commands

Experiments with smart columns Google Home also Amazon Echo showed that the method allows to activate columns indoors at distance of nearly 20 meters and also to transfer the commands which are successfully recognized by them at distance to 12 meters. At the same time in a case with the cross scheme of creation of a sound observers practically could not notice a command, and when using one array voice commands nevertheless were distinguishable regarding cases.

System prototype

At the beginning of 2019 the Danish engineers created the nozzle for smart columns saving their functions, but protecting privacy of users. The most part of time it emits directly in the column microphone a white noise and by that does not allow it to hear sounds indoors, but when the user tells an activation phrase, it activates a column and switches off noise, allowing the voice assistant to work in the normal mode.^[6]

You look also (voice assistants)

Notes