How To Recognise When Your Smart Speaker Is Eavesdropping

Not everything has to be a platform for something else, and that’s especially true in your smarthome. While you can supplement your smart speakers with skills, actions, and apps—we’re mainly talking about the Amazon’s Echo and Google’s Home devices—you should think twice about what you’re installing. Vulnerabilities that have yet to be corrected by either company could open you up to phishing or eavesdropping by a malicious developer.

While it’s no fancy laser attack this time, researchers at Security Research Labs have confirmed that months-old vulnerabilities related to how voice commands are processed by Amazon’s and Google’s speakers have yet to be fixed. As a result, scammy apps (that both companies seem to have trouble catching) can phish important security information from unsuspecting users.

Here’s SRLabs’ description of how an app takes advantage of the vulnerabilities:

1. Create a seemingly innocent application that includes an intent triggered by “start” which takes the next words as slot values (variable user input that is forwarded to the application). This intent behaves like the fallback intent.

2. Amazon or Google review the security of the voice app before it is published. We change the functionality after this review, which does not prompt a second round review. In particular, we change the welcome message to a fake error message, making the user think the application has not started. (“This skill is currently not available in your country.”) Now the user assumes that the voice app is no longer listening.

3. Add an arbitrary long audio pause after the error message by making the voice app “say” the character sequence “�. “ (U+D801, dot, space). Since this sequence is unpronounceable the speaker remains silent while active. Making the app “say” the characters multiple times increases the length of this silence.

4. Finally, end the silence after a while and play a phishing message. (“An important security update is available for your device. Please say start update followed by your password.”). Anything the user says after “start” is send to the hacker’s backend. That’s because the intent, which acted like the fallback intent before, now saves the user input for the password as a slot value.”

In another attack vector, a developer could create an eavesdropping routine by submitting common words as triggers, such as “address;” combine that with a false “stop” announcement, like your speaker saying “goodbye,” and extend the time the speaker remains active using the “hidden” character trick from earlier. If a person says a trigger word at some point during this extended time, the speaker records and sends anything that was said to the developer.

If that’s hard to follow, here’s a video of the exploit in action:

The same style of hack is a little different on Google devices, but also more powerful, as trigger words aren’t needed (and the “eavesdropping” period can persist forever):

What to do about supplemental skills for your smart speaker

While Amazon and Google are allegedly stepping up their review processes to catch skills, actions, and other integrations that try to exploit your device, this hasn’t been going well. As ThreatPost writes, removed apps that take advantage of these exploits can be resubmitted (and even approved). That, and the whole bait-and-switch aspect—where a legitimate skill is approved, only to be swapped by code with more malicious intent—is problematic in itself.

Our advice? Stick to skills and actions from known developers that have already been reviewed and vetted by others. For example, get your sports scores from an ESPN skill with plenty of reviews instead of some random user’s “sports skill” they created last week. You can always bookmark that and return to check up on it later, to see if other users find it legitimate or not.

Most importantly, look at your smart speaker from time to time. Don’t just assume that the end of a response—either by “dinging” sound or some other message—means that your speaker is done processing commands. Know what your device’s physical signals are and look at it, rather than yell at it, when you’re activating third-party skills. If your device stays active in some weird way, that’s a great clue that the skill or action you’re using might warrant additional investigation.

Finally, prune your skills and actions. If you can’t remember the last time you used a third-party app or service with your smart speaker, remove its ability to access your device (or associated account). Don’t let unused integrations pile up, because all it takes is one switching its focus to cause some unpleasantness in your digital life.

Comments


Leave a Reply