Credit to Author: Jeffrey Esposito| Date: Thu, 13 Apr 2017 15:36:24 +0000
We’ve written a bunch about the insecurity of the Internet of Things (IoT) and connected devices. Many have also wondered how secure voice-controlled home devices like Google Home, Alexa, and similar devices are. We are talking about serious researchers, here.
However, little did we suspect that a device like Google Home would be exploited not by a black-hoodied hacker but rather by an actor shilling hamburgers. In the commercial below, you can see the actor draw the camera close and speak the magic words OK Google:
Seems harmless, right? Well maybe not. In this video, you can see the same commercial, but with a small twist:
— Jeff Esposito (@jeffespo) April 13, 2017
Holy computer takeover, Batman! Yup, the command worked. It was nowhere as advanced as the research we sat in on last week at the SAS. At least the advertiser didn’t go with “Alexa, order me a whopper.”
A recent TechCrunch article raised the battle cry for privacy concerns, saying: “At best, it’s really annoying for people with the device in their living room. At worst, it once again raises some nagging questions about technological limitations and privacy concerns surrounding these smart assistants.”
The complaint has its merits, but the simple truth is that this was bound to happen. Advertisers look to hop on the latest trends. Burger King did it on purpose, but this effort brings to mind the lack of foresight that led to a 6-year-old ordering cookies and a dollhouse by wishing on her parents’ Echo device — and then, when that was reported on the television news, Alexa perked up in viewers’ homes and ordered dollhouses for them.
— Eugene Kaspersky (@e_kaspersky) March 1, 2017
Reading through the settings on the Help Page for Google Home, I can’t find somewhere to set up an ordering code like on Amazon, but rather, the ability to filter out inappropriate content.
It will be interesting to see how Google, advertisers, and smart home developers look at this incident. Given the number of homes with these types of devices, I can’t imagine this will be the last we hear of this kind of misuse of voice recognition.
Until then, we can add April 12 to the annals of Internet lore as the day that Big Fast Food turned an actor into a hacker. Somewhere forums are going crazy wondering why they didn’t think of it first and hoodies are being traded for paper crowns and a side of fries.