Paranoid is Hack Proof: Exploration

  • Feb 14, 2020

You may be wondering how hackers might try to get into Paranoid and invade the privacy of your smart home device. As IT experts we have envisioned every potential point of attack and eliminated them one by one. To illustrate this thought process for you, we asked ourselves a fanciful question: What if Ori, the alien creature who lurks within our fictional Orwell smart home speaker, decided to fight for control? What strategies might he explore to regain the ability to listen in our conversations?

No matter what schemes Ori comes up with, Paranoid has all the solutions.

Ori: Why don’t I try hacking into Paranoid? After all, I am connected to the internet.

You may be connected to the internet, Ori, but the Paranoid device is not.

Paranoid has no sim card. No antenna. No secret mobile service provider. No possible way to connect to mobile networks.

Ori: Then I shall have to find a way to connect it to the internet.

Not possible. In fact, it has no antenna, and no internal hardware that would even make that possible. Even if Paranoid were internet-capable (which, again, it isn’t), it wouldn’t have your Wi-Fi password. So, it poses zero threat to your network security.

Paranoid operates in blissful solitude, completely cut off from the online world.

Ori: Seriously, what kind of device can’t connect to Wi-Fi?

This kind of device. A device designed to keep people’s private conversations off the internet.

Ori: What if I connect Paranoid to a cellular network?

Hmm. If you could invent a device that connects to mobile data with no service provider, and achieves this nifty trick without even a SIM card, you’d make a fortune. Unlimited mobile data for all!

Paranoid has no sim card. No antenna. No secret mobile service provider. No possible way to connect to mobile networks.

Ori: No connection of any kind?

Nope. There’s no connection of any kind.

Ori: How does this device even work?

All of the processing occurs within Paranoid’s private circuit board. We’ve crammed a lot of capability into a very small device.

Ori: Are you sure? What if we take a look inside this thing? (Sounds of Ori ripping the device open) It’s got to be in here somewhere...

Go ahead and take a good look. An antenna, even a tiny one, would be easy to spot.

You could crack the Paranoid device open, and you won’t find any secret connectivity. So, go ahead and perform a thorough vulnerability assessment.

Ori: Ha! I’m gonna wire this thing up and test it to prove you wrong.

Looks like you’ve got an instrument to test for electromagnetic signals. Great idea; that would be a sure-fire way to detect any wireless connection—if there were any.

You can do all the security testing you like. You won’t find anything.

Ori: I’m going to reprogram my smart speaker software to bypass the smart speaker’s mute button, so that Paranoid doesn’t do anything!

If your smart speaker mute button is hardwired and breaks the microphone signal path, there's no way around it. If your mute button is controlled by software and you attempted to bypass it, you would be breaking the law, Ori. But we know you don’t mind doing so even if you take the mute button out of the equation, Paranoid comes with other options for people who don’t trust your mute button.

Ori: (blocking his sensitive ears) Arrrgghh what is that sound? There must be a way to make the noise stop? (Ori falls to floor holding his head in agony) My head is going to explode, why does it hurt so much?

Actually, I don’t hear a thing.

Inside the smart speaker, it’s a different story. The interference produced by Paranoid Home Wave saturates the microphones, distorting any other audio source in the room and rendering it unrecognizable.

And, finally, those who want the highest possible security can always opt for Paranoid Home Max.

Ori: Max, schmax. I’m still going to find vulnerabilities I can exploit.

You can’t mess with the Max, because it physically “cuts the wires” of the microphones. With the microphones disabled, there’s literally no way for you to hear anything. You can only listen when Paranoid allows you to.

Ori: This is not impenetrable; there has to be way in! What if—oh I’ve got it—I could use my speaker to force Paranoid to do a software update so that it stops blocking me?

Nope, yet again. First, the user must physically press a button in order to start an update. So that means you can’t update it remotely. If they did push the button even accidentally, they would obviously be right there noticing that you are trying to attack.

Ori: I will wait for the user to want to do an update, and then I will hack the user’s update to change the software.

Paranoid only accepts updates that are cryptographically signed, just like bank transactions on the internet. Unless it’s an official update from Paranoid, and unless the user is right there pressing the button to allow it, you can’t alter Paranoid’s software.

Ori: Let me think. I read about smart speaker malware applications that can secretly keep it listening for hours, long after a command. Maybe that’s my way around this thing.

Nice try. But, even with the most malicious source code out there, Paranoid would cut the conversation after a few minutes. The user would need to repeat the “Paranoid” wake word in order to keep the speaker listening. Paranoid is designed to recognize when users have stopped deliberately interacting with their speaker.

Ori: Okay, I guess I’ll only secretly eavesdrop when people mention the word ‘Paranoid.’ Especially if guests come over, the word is bound to come up in conversation.

Paranoid includes an automatic cut-off. If the word ‘Paranoid’ isn’t immediately followed by you interacting back to the user, Paranoid re-engages privacy mode after a couple seconds. So you would have to be very active and the users would notice you are behaving weirdly to keep listening for those few extra minutes of listening time.

Ori: Wait a sec. Maybe I don’t have to hack into Paranoid at all! This whole device could be one big scam, a worthless piece of plastic that doesn’t actually do anything.

Dream on, Ori. If Paranoid didn’t have the power to protect people’s privacy, their smart speakers would respond normally, without the word ‘Paranoid’ being said. They’d probably notice.

Privacy is our only purpose. Our entire business model is built around keeping you in line, Ori.

Ori: Nooooooooooooo!

Well, is that all you’ve got? Do you have any more questions about hacking in Paranoid?

Okay then, let’s expand this conversation to our our social media. Can any of readers out there think of a way to hack into Paranoid? Post your ideas on Facebook or tag us with them on Twitter, and we’ll provide our answers.