There are lots of voice activated tools and services now available from software on your PC and in your car to physical hardware you can place around your home. These devices are becoming everyday occurrences, “Alexa, whats the weather”, “Siri, recipe for Chocolate Cake” (too many to list).
The two main ways to control them is via a button press then speaking such as my car to get it into a listening state, or they are always in a listening state awaiting a set of specific interaction commands, such as the applications name. There is at least a turn of listening mode.
However with all these devices and software, there is a distinct lack of security around voice recognition and lack of interaction security. For instance a recent incident where a TV show caused a number of Dolls Houses to be purchased.
We are busy connecting these devices to all sorts of home automation to make it easier to do things, but how many stop to think of what I term as: “The Letterbox Problem”. This is where you have automated your home to a level that includes things like your lights, powered items and your house alarm. As you walk into your house you can say voice commands to turn on lights, put the kettle on and turn off the alarm. The Letterbox Problem happens when someone has the ability to literally shout through your letterbox and activate or deactivate items in your house. To a would be thief, turning lights on and off will check to see if anyone is at home first before going for the alarm.
There is a security challenge here is to ensure that a level of voice recognition and security controls are in place. Voice recognition by itself is not good enough as I’m sure you’ve heard an impressionist mimic a celebrity on a TV or Radio show.
I would like to see a form of two factor authentication on a voice system so it can be sure its me before it carries out the task. Voice may be one of these, but something else like a token code or app on the phone may be a solution.
There a number of basic steps you can take at the moment to help protect yourself such as:
- Think about the systems you are connecting the voice device to. Can it compromise your security if anyone else uses it.
- Use the mute button on devices or turn of listening mode when not in use.
- Keep the devices updated with the latest patches and firmware.
- Use good password security practices on any sensitive systems you use (ie Bank Accounts, Paypal etc).
- Use strong passwords on any associated accounts to the voice assistants, (ie Amazon, Google, Apple etc).
- If your system allows it, clear out its cache and old activities on regular basis so they can’t be replayed against you.
- Don’t have a system listening when the TV or Radio is on, especially when your out of the room. You may end up with a new dolls house.