Hacking through voiceand The risk of expanding the use of voice activation technologies, which may not be so safe, says an AVG researcher on a blog post.
As Yuval Ben-Itzhak, chief technology, reports officer της εταιρείας, σε κείμενο υπό τον τίτλο «What if smart devices could be hacked with just a voice?», η άνοδος των smartphones και των wearables έφερε επανάσταση στον τρόπο αλληλεπίδρασης μεταξύ ανθρώπων και υπολογιστών, καθώς μειώθηκε σημαντικά η ανάγκη χρήσης περιφερειακών όπως το keyboard and the mouse – which, for that matter, are replaced by hands or even voices.
This in turn, inclpays, έφερε την έλευση του ενεργοποιούμενου μέσω φωνής personal assistant. «Καθώς ενεργοποιούνται απλά από τις φωνές μας, υπόσχονται να μας βοηθήσουν σε βασικές εργασίες με hands-free τρόπο. Τόσο η Apple όσο και η Google πρόσθεσαν τεχνολογίες αναγνώρισης φωνής στις ‘έξυπνες' συσκευές τους. To Siri και το Google Now αποτελούν όντως personal assistants για την καθημερινή ζωή μας. Τόσο το Siri όσο και το Google Now μπορούν να καταγράψουν τη φωνή μας, να τη μεταφράζουν σε κείμενο και να εκτελούν συσκευές στη συσκευή μας…ωστόσο αυτές οι τεχνολογίες αναγνώρισης φωνής – οι οποίες είναι τόσο απαραίτητες στις ‘έξυπνες' συσκευές- ίσως να μην είναι τόσο ασφαλείς όσο τις θεωρούμε. Σε τελική ανάλυση, δεν είναι ρυθμισμένες για τις συγκεκριμένες μας φωνές. Ο καθένας μπορεί να ζητήσει από το Google Now να πραγματοποιήσει μια call or send a text message and it will obey - even if it's not your voice that asks."
The question Ben-Yitzhak raises is whether a device is "vulnerable" to voice commands from someone else. “Over-the-air attacks on voice recognition technologies are a reality, and they're not just limited to smartphones. Voice activation technologies are also coming to 'smart' connected devices in the home, such as the smart TV."
In a video he uploaded to YouTube, the AVG researcher demonstrates that the "smart" devices in his home respond to his voice - but they also respond to any voice command, "even one composed by another device in my home." Continuing, it highlights the need for progress in the field of voice source identification, raising the issue of children accessing inappropriate material if a device cannot "tell" whether it is the child or their parent speaking. At the same time, he points out that new "smart" devices appear every day, in the context of the "explosion" of the "Internet of Things". “Changing the channel on my TV may not be a problem, but the potential for commands to connected home security systems, smart home assistance, vehicles and connected workplaces is not far off. Leveraging voice activation technology in the Internet of Things without identifying the source of the voice is like letting the computer your without a password - anyone can use it and give commands" he notes.
In conclusion, Ben-Itzak explains that so far there have been no "free" malware samples exploiting this "Achilles heel", but adds that "this is a concern that device manufacturers and operating system developers should take into account their plans for the future. As is often the case with technology, comfort can come with risks to privacy or security - and it seems that voice activation is no different. "
Source: naftemporiki.gr
