Contact us today!

FRS Pros Blog

Is Your Smart Assistant Undermining Your Security?

Is Your Smart Assistant Undermining Your Security?

Smart assistants commonly appear in the office and home, so much so that the novelty seems to have finally worn off and they are now just another appliance—and, like any other appliance, there are a few quirks that can be frustrating to deal with. For instance, anyone living around these devices has shared a particular experience: the device registering something as a wake word that certainly wasn’t meant to be the wake word.

While this may just seem to be a mildly amusing annoyance, this phenomenon has some concerning security ramifications. Let’s discuss how deep the rabbit hole goes, and what the impact could be to your security.

What Do Our Smart Assistants Actually Hear?

You’re certainly aware by now of how these smart assistants work. A small device lives in your home or office, either as a standalone device or piggybacked into your phone or other appliance. With a simple voice command, assorted information can be shared or activities can be completed with little effort. By default, this voice command is dictated by which device is being used:

  • Amazon Alexa devices respond to the term “Alexa,” ”Computer,” ”Amazon,” or “Echo.”
  • Google Home devices wake up to “Okay/Hey, Google.”
  • Apple’s Siri responds to “Hey Siri.”
  • Microsoft’s Cortana reacts to its name, “Cortana,” or “Hey, Cortana.”

However, we’ve all also seen examples of these smart assistants picking up other sounds when we aren’t expecting it to react. How often have you seen someone say something, only to be interrupted as their smart assistant responds?

To be honest with yourself, how often have you been the one to say the wrong thing and trigger an out-of-context response?

You are far from alone. Many people have done the same, and there are some legitimate security concerns paired to this phenomenon. In fact, these incorrect wake words have even inspired academic research.

The Research

In their report, Unacceptable, where is my privacy? Exploring Accidental Triggers of Smart Speakers, researchers used a variety of smart devices to listen to various samples of audio material, including popular television shows like Modern Family and Game of Thrones, news broadcasts, as well as the professional audio data used to train these speakers.

With this approach, the researchers analyzed when the terms that successfully activated the assistants were spoken, ultimately generating a list of over a thousand audio sequences. From there, they were even able to break down the words into their individual sounds and identify other potential false triggers that also activated the voice assistants.

For instance, depending on the pronunciation of the word, the following substitutions awakened the voice assistants:

  • Alexa devices also responded to “unacceptable” and “election,” while “tobacco” could stand in for the wake word “Echo.” Furthermore, “and the zone” was mistaken for “Amazon.”
  • Google Home devices would wake up to “Okay, cool.”
  • Apple’s Siri also reacted to “a city.”
  • Microsoft’s Cortana could be activated by “Montana.”

This phenomenon was not only found in devices trained in English, either. Speakers set to German and some from Chinese manufacturers set to Chinese were also tested, with some samples being more resistant to accidental activation, while some new examples proved very effective—for instance, the German phrase for “On Sunday” (“Am Sonntag”) was commonly mistaken for “Amazon.”

What This Means to Privacy

While the results of this study are fascinating, the true purpose is more disconcerting. Let’s go back to the way these assistants work.

As we said, once the wake word or phrase is recognized by the device, it actively begins listening. In an ideal world, the assistant would only recognize the predetermined words and activate when those specific words were spoken. However, we know that isn’t the case, as this study proves.

So, now we have a situation in which there are devices scattered around, waiting for something close enough to their trigger word to register. Keep that in mind.

We have also mentioned that this data is transcribed and reviewed manually to check for accuracy, which means that another person could potentially be given access to the recording. While we obviously can’t say that we know that one of these people could use this access to their own, personal advantage, we also can’t say that we know they wouldn’t.

Let’s put together a scenario: you’re on the phone with a coworker, talking about a client. Your coworker needs access to the client’s data, so you give them the access credentials to do so. Trouble is, at some point in the conversation, your smart assistant heard a potential trigger word and started recording.

As a result, there is now a recording of your client’s account credentials in the cloud, and potentially being anonymously reviewed by a complete stranger. Setting aside the workplace for a moment, how easily do you think it could be that a smart assistant could pick up some other piece of juicy or embarrassing personal information?

While we aren’t trying to scare you away from using smart speakers, we are trying to demonstrate how important it is that you use them mindfully. There unfortunately is not an option to use a customized word to register that the speaker should listen in (as of yet), so for right now, just try to be more aware of what you’re saying when you’re within “earshot” of them. That, and you should make it a habit to disable the device when not in use, and especially when discussing sensitive information.

For more technology tips, best practices, and security advice, make sure you subscribe to our blog!

Putting the IoT to Work in Your Business
Can We Innovate Electronic Health Records?

By accepting you will be accessing a service provided by a third-party external to

Mobile? Grab this Article!


Tag Cloud

Tip of the Week Security Technology Best Practices Productivity Business Computing Network Security Privacy Hackers Internet User Tips Software Cloud Google Innovation Hardware Efficiency Microsoft Data Email Hosted Solutions Business Management Computer Business Communication Windows 10 Smartphones IT Support Malware Data Backup Mobile Devices Cybersecurity Tech Term Workplace Tips Android Small Business IT Services Collaboration VoIP Disaster Recovery Smartphone Backup Data Recovery Browser Upgrade Users Outsourced IT Office 365 Phishing Gadgets Communications Internet of Things Windows Information Apps Covid-19 Cloud Computing Data Security Network Miscellaneous Ransomware Cybercrime Business Continuity Operating System Passwords Managed IT Services Automation Saving Money Social Media Facebook Health Microsoft Office Managed Service Quick Tips Wireless Mobile Device Management Artificial Intelligence Blockchain Alert Two-factor Authentication Information Technology Mobile Device OneNote Server Law Enforcement Conferencing Employer-Employee Relationship Vulnerability Money Virtualization IT Support Managed IT Services Best Practice Networking Managed IT Applications Holiday Chrome Spam Mobile Office Data Storage Windows 7 WiFi BDR Telephone Systems Retail Tech Support Bandwidth Managed Service Provider Password Word Router Unsupported Software Augmented Reality Access Control Battery BYOD Project Management Patch Management Printing Google Drive Settings App Hacking Bring Your Own Device Windows 10 Gmail Save Money Data Breach Wi-Fi HIPAA Computers Voice over Internet Protocol Update Going Green Social Travel File Sharing Politics Government Budget Excel Shortcut Touchscreen Wireless Technology Remote Workers Apple Fraud Business Technology Robot Data Management Software as a Service Evernote Audit Productivity Hard Drive Display The Internet of Things User Error Sports VPN iPhone Meetings Human Resources Data Protection Cortana YouTube Application Payment Cards History Encryption Telephony Data Loss IT Management Safety Cost Management Management Marketing Hosted Solution WannaCry Wireless Charging Commerce Google Docs Paperless Office Mobile Security Search Devices Risk Management Avoiding Downtime Mobility Vendor Training Google Assistant Proactive IT SaaS Remote Hybrid Cloud Specifications Virus Employee-Employer Relationship Processor Regulations Compliance Recovery Microsoft Word Wireless Internet Saving Time Touchpad Office IT solutions Hosted Desktop Disaster Medical IT Development Telework Value Wasting Time Fiber Optics Vendor Management iOS Server Maintenance WIndows Server 2008 Remote Work Data Privacy Innovations Amazon Downtime Sales Proactive Benchmarks Policy Administrator Tablets Maintenance Gamification Keyboard Shortcuts Humor Scam Windows 10s HBO Smart Devices Storage Social Engineering 5G Computer Care Nanotechnology Micrsosoft Audits Streaming Media Sync Accessory Education Screen Mirroring Holidays Lithium-ion battery E-Commerce Samsung Personal Information Investment Net Neutrality FAQ Unified Threat Management Managed IT Service Remote Working Edge Virtual Assistant Websites Testing Myths Procedure Access NFL eWaste Memory Solid State Drive Sabotage Troubleshooting Identities Legal Reputation Root Cause Analysis Business Intelligence Solutions Chromecast Computer Forensics Peripheral Emails Cast Copiers Alexa for Business Antivirus Computer Fan ROI Internet Service Provider Charger Chromebook Co-Managed Services Data storage Upgrades Managed Services Provider Ciminal CRM Data Theft Camera Remote Computing Threats Video Conferencing Internet Exlporer Device Security Financial Payroll Hard Disk Drive PC Legislation Language Employees Digital Signage Printer Adobe Workers Inventory Employee Windows Server 2008 R2 Telephone Instant Messaging Hacker Facebook Privacy Uninterrupted Power Supply IT Solutions AI Gifts Computing Projects Emergency Scams Organization Windows Ink Security Cameras Comparison OneDrive Transportation Firewall PCI DSS Licensing Updates PowerPoint Admin Point of Sale Laptop Webinar Microsoft Excel IT budget Compliance Break/Fix Entertainment Private Cloud Workstation Outlook Hyperlink Keyboard Consultant eCommerce Identity Theft Smartwatch Files Credit Cards App store Identity Printers Remote Monitoring Virtual Private Network DDoS Google Maps Spyware Machine Learning Big Data Television CrashOverride Automobile Regulation Company Culture es Managing Stress HaaS USB Worker End of Support How To Books Relocation Video Games Experience Twitter Hiring/Firing Work/Life Balance Virtual Reality Thank You Current Events Electronic Medical Records Crowdsourcing Employer Employee Relationship Phone System Benefits PDF Mobile Computing Save Time Congratulations Computer Accessories Flexibility Music Smart Technology Text Messaging Cache Scalability Analytics Office tips Communitications Monitors Advertising Black Market Cleaning