Category Archives: Antivirus Vendors

Antivirus Vendors

Panda Security

Your Virtual Assistant Knows Quite a Lot about You

Leave a comment

http://www.pandasecurity.com/mediacenter/src/uploads/2017/02/google-home-3-100×100.jpg

“OK, Google.” With this simple voice command, the Google Home smart speaker sprung to life in a recent Super Bowl ad for Mountain View’s virtual assistant. To the surprise of many viewers, so did the Google Home in their own living room. OK, indeed. Just one more reminder that virtual assistants, capable of turning on lights or putting together playlists or making purchases online, are also spies in our very own homes.

In fact, their gift for listening in on conversations and keeping them on file can make them a good helper for solving crimes as well. The local police in a US town asked Amazon if it would allow them to access the information of an Amazon Echo. The smart speaker may have stored information that could help clear up some points of their ongoing investigation. Ultimately, such a device will record anything that happens if prompted, and we’ve seen that sometimes its owner is not the only one to wake it up from its dormant state (OK, Google…). So, it begs the question: how can you wipe its memory?

Deleting the memory of Alexa and Google Assistant

Alexa, the virtual assistant that only speaks English (for now), is the brain of the Amazon Echo. She will be the brain behind other products, as well, it seems. In the last Consumer Electronic Show, Lenovo presented an affordable device that works with Alexa, and Huawei will integrate it into its Mate 9 smartphones. In order to protect our privacy, it will come in handy to know how to delete the information they keep squirrelled away on their servers.

For Alexa, you can do it either from the app itself, available for Android and iOS, or from the website. It’s as simple as going to Settings, History. From there, you can select the files you wish to delete permanently (or the, um, evidence you wish to destroy). From the website the process is slightly different, but just as simple. Just go to the menu that allows you to manage your content and devices. From there, select the Amazon Echo and request to delete recordings.

The procedure is similar for deleting data from Google Assistant, the virtual assistant that for now is only available for Google Home, Android Wear, Google Allo, and the Google Pixel. From My Activity, the page that allows you to see an overview of your activity on Google’s various services, you can filter results to only see the data kept by your virtual assistant, or Voice and Audio services. Once there, you can either delete all the files at once, or just start clicking away and have a field day deleting them one by one.

In culling as much information on us as possible, the obvious goal of these virtual assistants is to offer more personalized services. But it’s nice to know that the dirt they have on you can be swept under the rug without any hassle.

The post Your Virtual Assistant Knows Quite a Lot about You appeared first on Panda Security Mediacenter.

Panda Security

Smart Meters Can be a Threat to Homes and Offices

Leave a comment

http://www.pandasecurity.com/mediacenter/src/uploads/2017/02/light-100×100.jpg

For some time now, a large majority of buildings have made use of smart meters to record their electrical consumption. Besides the potential impact on the electric bill, which some consumer groups have already denounced, the widespread adoption of this apparatus carries along with it some lesser known security risks.

As researcher Netanel Rubin explained during the last edition of the Chaos Communications Congress held in Hamburg, Germany, these meters pose a risk on several fronts. First, these devices record all household and office consumption data and send it to the power company. An attacker with access to the device could see its data and use it for malicious purposes.

For example, a thief could find out whether a house or office is empty in order to burgle it. And since all electronic devices leave a unique footprint on the power grid, such a thief could even analyze variables to find out what valuable devices they could potentially have at their fingertips upon entry.

A thief could find out whether a house is empty or not, and what valuable objects it contains

 

In a few years, when smart homes become more widely popular, the scenario could end up being even more serious. The attacker could actually enter the home or office without having to force the lock. If there is a smart lock installed, all they would need is access to the system to enter the house.

As serious as this is, smart meters are open to even more grievous lines of attack. As Rubin explained, meters are at a critical point in the power grid because of the large amount of voltage they receive and distribute. An incorrect line of code could cause serious damage. For example, an attacker who took control of the device could “cause it to literally explode” and start a fire, according to the researcher.

This is all pretty alarming.  But the biggest weakness of smart meters is in the way they communicate with each other and with power companies. Normally they do it through the GSM protocol, the standard of 2G communications for mobile networks. The insecurity of this protocol has been well demonstrated.

According to Rubin, some companies are not using any sort of encryption in such communications. Among those that do, weak algorithms or very simple passwords are sadly run-of-the-mill. You might just as well serve it up to attackers on a silver platter.

The fact of the matter is many of these devices are insecure by default. As Rubin points out, they do not have a CPU with enough power and memory to use strong encryption keys.

The post Smart Meters Can be a Threat to Homes and Offices appeared first on Panda Security Mediacenter.