As the popularity of Amazon Alexa and other voice assistants grows, so too does the number of ways those assistants both do and can intrude on users' privacy. Examples include hacks that use lasers to surreptitiously unlock connected-doors and start cars, malicious assistant apps that eavesdrop and phish passwords, and discussions that are surreptitiously and routinely monitored by provider employees or are subpoenaed for use in criminal trials. Now, researchers have developed a device that may one day allow users to take back their privacy by warning when these devices are mistakenly or intentionally snooping on nearby people.
LeakyPick is placed in various rooms of a home or office to detect the presence of devices that stream nearby audio to the Internet. By periodically emitting sounds and monitoring subsequent network traffic (it can be configured to send the sounds when users are away), the ~$40 prototype detects the transmission of audio with 94-percent accuracy. The device monitors network traffic and provides an alert whenever the identified devices are streaming ambient sounds.
LeakPick also tests devices for wake word false positives, i.e., words that incorrectly activate the assistants. So far, the researchers' device has found 89 words that unexpectedly caused Alexa to stream audio to Amazon. Two weeks ago, a different team of researchers published more than 1,000 words or phrases that produce false triggers that cause the devices to send audio to the cloud.
No comments:
Post a Comment