Yes, Your Voice-Activated IoT Devices Are Always Listening

Connected Life

What’s easier than typing, clicking or even swiping left? For most of us, speaking.

Until we can get actual USB ports in our brain, our mouths may be the quickest way to make our our desires known to our devices. And as it Internet of Things develops, we’re going to be doing more and more talking to machines, including our thermostat, light bulbs and possibly even our drones.

Fans of Siri and the Amazon Echo are already familiar with the benefits of a conversational interface. But, as with any new technology that gains widespread adoption, privacy and security concerns are inevitable.

We spoke to F-Secure’s Cyber Gandalf Andy Patel about what users of voice-activated technology should know as they make the leap into this newer realm of connectivity that has long been imagined by science fiction visionaries from Philip K. Dick to Star Trek‘s Gene Roddenberry.

So are these voice-activated devices listening all the time?

Yes. In order for a device to react to a voice command without the user pressing a button to activate the feature, the device must listen all the time.

How could this be used against us?

If a device streams voice data to a server for processing, a few privacy and security implications arise. If the data is being streamed in an insecure way, it can be intercepted by a third party. If the speech data is stored insecurely, it can become compromised in the case of a data breach. It can also potentially sold to a third party. Speech is processed into text. That text might be stored, it might be associated with its source, and it could also be leaked. When the speech processing service returns data to the device that requested the processing, it could also be intercepted.

Are the any real privacy concerns for owners of voice-activated devices?

Some companies outsource their speech recognition services and cannot properly account for the processes and collection methods used by those companies. Along those lines, just last year, Samsung TV voice recognition made the news for recording owners’ chatter.

Voice command systems can also be maliciously hijacked. Last year, a group of French researchers demoed a method for remotely controlling Siri from a distance, using sounds that triggered Siri’s voice control, but that couldn’t be recognized by a human.

So what will voice-activated technology look like in five or ten years?

Big names are interested in voice control because they attach it to AI and machine learning systems — which are, in turn, fed by the Big Data they’ve collected — for an interactive experience.

The end goal would be a scenario where you could ask your computer to perform arbitrary tasks in the same manner as on Star Trek.

1 Comments

Yes food for thought, manufacturers don’t explain this to us. Good post and good of F-secure to make us aware. We don’t know what we are buying half the time.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

You might also like