Each time you get excited about a new piece of tech, or a dazzling digital innovation, you can be sure there are others out there who are excited for a completely different reason: potential privacy attacks. Where you see fun and convenience, some see new avenues of vulnerability.
We designed Paranoid to shut down one such avenue: the ability of smart speakers to listen in during private moments, and to upload audio data that had been meant for your ears only. But we also enjoy keeping up with other trends in digital privacy.
There’s a whole field of experiment and inquiry out there—performed largely (thank goodness) by tech experts with no criminal intent. They’re trying to find ingenious new cracks in our digital walls, in an attempt to stay one step ahead of the cybercriminals.
Here are four of the coolest new hacks that compromise online privacy.
Most of us are far too savvy to fall prey to old-school phishing attacks. When a curious link pops up in an email or text message, asking us to log in with our bank account and password, we know enough to hit “delete.”
But, imagine getting a phone call from your boss, asking you to help her log into the company server. Because it’s obviously her voice asking for the info, you let your guard down for just a minute.
This strategy of voice phishing, or “voishing” is becoming more sophisticated with each passing year. We’re now at the point where software can take a fairly small sample of a person’s voice, and use AI to generate a convincing deepfake audio “skin.” After that, you can effectively speak in real time and produce a lifelike output in the machine-generated voice.
At this point, companies like Modulate are promoting their product to online gamers, to give them the ability to speak with the voice of their favorite characters. But it doesn’t take much imagination to picture more nefarious uses.
2) Audio transducers
If you’ve spent enough time with a smart speaker, you’ve probably found ways to expand its capabilities. Instead of simply posing internet queries, or playing music, you’ve turned it into a control hub for your “internet of things” (IoT) devices. With a simple voice command you can dim the lights, adjust the thermostat—or even unlock your front door.
That last example could prove tempting to would-be intruders. With a surface audio transducer—a fairly simple and inexpensive device—a person outside your home could generate a voice command that your smart hub will hear and respond to. When you hold that transducer flush against an outside window, the transducer effectively turns that window into a rudimentary amplifier. By hooking up a microphone, you could try out a variety of voice commands until you find one that works.
“OK Google, unlock the front door.”
3) Is your TV watching you?
Most modern TVs aren’t simply viewing screens; they’re sophisticated interactive devices connected to the Internet via your home’s Wi-Fi network. Lower-end smart TVs allow you to view Netflix or YouTube, or perhaps check your Twitter feed. But higher-end models are incorporating microphones and even cameras.
A microphone gives you the option of controlling your TV via voice command. With a camera plus facial recognition, a smart TV can recognize individual viewers and offer customized viewing suggestions. With cameras and microphones, smart TVs may soon also offer video chat capabilities.
In other words, you may have invited another internet-connected microphone and camera into your living room or bedroom. Like your smart speaker, these represent tempting data sources for your TV’s manufacturer. In the hands of sophisticated criminals, they could also be turned into cyberstalking surveillance tools. Because the TV is connected to your home network, it could also represent a potential backdoor into your home computer.
4) Laser microphones
The sensitive microphones of your smart speaker can detect and respond to voice commands from across the room. But, scientists have recently discovered that those microphones can also “hear” silent commands transmitted by light, via lasers.
Those scientists, using lasers as far as 164 feet away, have demonstrated the ability to trigger responses from Google Home devices, Amazon Echoes, and Facebook Portals. Through an outside window, via nothing more than a silent speck of red light, they are able to fool the smart speakers into executing a wide range of commands.
A scientist fooling a smart speaker into turning the lights on and off, or opening the garage door, may seem like harmless fun. But this hack could conceivably wreak considerable havoc in the hands of a cybercriminal … or a government agent.