Tag Archives: google

What if smart devices could be hacked with just a voice?

Smartphones and wearable devices have introduced a brave new world in the way that humans and computers interact. While on the PC we used the keyboard and mouse, touch-based devices and wearables have removed the need for peripherals and we can now interact with them using nothing more than our hands or even our voices.

This has prompted the arrival of the voice activated “personal assistant”. Activated by nothing more than our voices, these promise to help us with some basic tasks in a hands-free way. Both Apple and Google added voice recognition technologies to their smart devices. Siri and Google Now are indeed personal assistants for our modern life.

Both Siri and Google Now can record our voice, translate it into text and execute commands on our device – from calling to texting to sending emails and many more.

However, these voice recognition technologies – that are so necessary on smart devices – are perhaps not as secure as we give them credit for. After all, they are not configured to our individual voices. Anyone can ask your Google Now to make a call or send a text message and it will dutifully oblige – even if it’s not your voice asking.

What if your device is vulnerable to voice commands from someone else? What if it could call a premium number, send a text message abroad, or write an email from your account without your knowledge. Over–the-air-attacks on voice recognition technologies are real, and they are not limited just to smartphones. Voice activation technologies are also coming to smart connected devices at home, like your smart TV.

As I demonstrate in this short video, the smart devices in my home do respond to my voice, however they also respond to ANY voice command, even one synthesized by another device in my home.

 

 

The convenience of being able to control the temperature of your home, unlock the front door and make purchases online all via voice command is an exciting and very real prospect. However, we need to make progress with the authentication of the voice source. For example, will children be able to access inappropriate content if devices can’t tell if it is a child speaking or a parent?

Being able to issue commands to my television might not be the most dangerous thing in the world but new smart devices, connected to the Internet of Things are being introduced every day. It may not be an issue to change the station on my television, but being able to issue commands to connected home security systems, smart home assistance, vehicles and connected work spaces is not far away.

Utilizing voice activation technology in the Internet of Things without authenticating the source of the voice is like leaving your computer without a password – everyone can use it and send commands.

 

 

There is no question that voice activation technology is exciting, but it also needs to be secure. That means, making sure that the commands are provided from a trusted source. Otherwise, even playing a voice from a speaker or an outside source can lead to unauthorized actions by a device that is simply designed to help.

 

An Emerging Threat

While we haven’t discovered any samples of malware taking advantage of this exploit in the wild yet, it is certainly an area for concern that device manufacturers and operating system developers should take into account when building for the future. As is so often the case with technology, convenience can come at a risk to privacy or security and it seems that voice activation is no different.

New Initiative Simply Secure Aims to Make Security Tools Easier to Use

The dramatic revelations of large-scale government surveillance and deep penetration of the Internet by intelligence services and other adversaries have increased the interest of the general public in tools such as encryption software, anonymity services and others that previously were mainly of interest to technophiles and activists. But many of those tools are difficult to use […]

How to change Safari’s default search engine in iOS 8 for greater privacy

With iOS 8, you can – for the first time – switch your Safari browser’s search engine to alternatives such as DuckDuckGo. Find out why you might want to and, in fairness, why you might NOT want to…

The post How to change Safari’s default search engine in iOS 8 for greater privacy appeared first on We Live Security.

Is it time you used two-factor authentication?

Two-factor authentication is an additional security measure that you can add to your online accounts to help keep them safe from attack and fraud.

“Two-factor” simply means that you need something other than your password in order to access your account. This normally comes in the form of a code generated by an app or sent to you in a text or email. Two-factor-authentication means that should your password be compromised, your accounts are still protected.

You may be familiar with two-factor authentication for online banking, where it has been used for a long time to validate logins and safely setting up transactions. Given its security benefits, many of the leading websites and services have enabled two-factor authentication for users. Google, for example, implemented the extra layer of security in early 2011, but many users still don’t realize that it is available.

While logging into accounts with two-factor authentication does require a little extra effort on behalf of the user, the extra layer of security does make it well worth-while.

How to Setup Two-Factor Authentication

In this example I will be setting up two-factor authentication on a Google account but similar instructions can be found for most popular sites such as Amazon, Dropbox and Facebook.

Before setting up two-factor authentication you need to make sure you have two things available. The first is a secure password, something you should already be using, on whichever services you use (Although you should have different password for each service for greater security). The second would be a device or application that can receive a code, most commonly a smartphone.

  1. Go to: www.google.com/settings/security
  2. Click “Set Up” under 2-step verification menu
  3. Chose how you would to receive your codes: SMS or codes
  4. Download Google’s Authenticator app for Android or iOS.
  5. Link your Authenticator app or device to your Google account using the code provided

Google-Authenticator

Once you are setup for two-factor authentication it’s ready to go in the wild. The next time a new device or browser tries to access your account they will need your username and password like before, but then you will need to enter in an access code pin that is either texted to you or synced to the authenticator app. Once the username, password, and pin number are all entered correctly you are logged in.

Two-factor authentication is one of the settings we believe strongly in to help mitigate password hacking because even if somebody does know your password they still can’t get into your account. It is important to remember however there are other methods to get access to your information so just using this helps secure your password login, but won’t guarantee all information is secure.  This is a great step forward to better security and privacy of your data and we highly recommend all users activate two-factor authentication wherever they can.

More 1024-Bit Certificates to Be Deprecated in Firefox

When Mozilla released Firefox 32 last week, the company removed several root certificates from the trust store for the browser. The move wasn’t because the certificates were fraudulent or the CAs that issued them were compromised, but because the certificates use 1024-bit keys. This is the first step in a process that Mozilla officials say […]