What Did You Say? Popular Voice Assistants Used for Fraud and Other Hacks
By: Jim Stickley and Tina Davis
November 26, 2019
Siri and Alexa don’t mean you any harm, but the cybercriminals who hack them certainly do. As smart devices are becoming more common in homes and workplaces, so too grow the opportunities for hackers to take advantage of them. As convenient as the Internet of Things (IoT) can be, as more devices get connected, the more options there are for bad actors to exploit them. In particular, voice assisted technology found in devices using Siri, Alexa, and other voice-command apps present risks there are currently no cures for. Identity theft, fraudulent purchases, malware, and other cybercrimes can be done via these voice assistants, and those who use them are slowly becoming aware of these threats.
Researchers are finding many examples of voice assisted technology being used to hijack smart devices in numerous ways. In smart homes, where these devices are used to regulate temperature, lights and alarm systems, hackers are overtaking voice commands and directing how they functions. One particular hack called DolphinAttack was discovered using a frequency that humans are unable to hear. Researchers were able to voice control a locked iPhone to take photos, go to websites, and send texts. All of this was done in a voice pitch the smartphone user could not hear. The concern is if hacks like DolphinAttack are improved, there’s no limit to what a cybercriminal can order a device to do. Other studies have found overtaking voice commands have been able to set temperature controls to 90 degrees, deactivate security cameras, and unlock doors.
As we enter the holiday season, toys that are internet connected will be on shopping lists of many. Remember the doll Cayla? She was your child’s best friend, but was also able to record sounds that were sent back to a server elsewhere. Be sure you know what toys and other gifts are capable of doing before purchasing them this holiday season.
In a world where hackers don’t waste any time finding and exploiting device vulnerabilities, self-protection is currently the best way to fight back. Basic safety practices always start with unique and strong passwords. Not only will it help safeguard a smart device but it’s always a great way to protect your data from hacking overall. Locking your device when not in use creates an additional barrier for hackers to get through, and the more hurdles there are the better. Doing so may cause a bad actor to give up and move to a device that’s easier to hack. Create a PIN protection for all devices, especially for those voice assistants that can literally open the door to your home and access other household functions. It’s yet another roadblock to stop hackers from accessing other data like financial data, health records, your child’s playtime conversations, and other personal information. Also consider the option to not link your data to voice-controlled devices. Remember, as device creators and service providers struggle to find a solution to these artificial intelligence problems, a smart owner of a smart device is still the best defense.