It's dismayingly easy to make an app that turns a smart-speaker into a password-stealing listening device and sneak it past the manufacturer's security checks

German security researchers from Security Research Lab created a suite of apps for Google and Amazon smart speakers that did trivial things for their users, appeared to finish and go dormant, but which actually stayed in listening mode, then phished the user for passwords spoken aloud to exfiltrate to a malicious actor; all their apps were successfully smuggled past the companies app store security checks. Read the rest

Samuel L. Jackson to be the first Amazon Alexa celebrity voice

"And I will strike down upon thee with great vengeance and furious anger those who attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee."

Deadline:

Samuel L. Jackson and other celebrities will lend their voices to Amazon’s Alexa devices in a new feature that will be available as a 99-cent upgrade, the tech giant announced at a major product reveal in Seattle...

Jackson “can tell you jokes, let you know if it’s raining, set timers and alarms, play music and more – all with a bit of his own personality,” according to the company’s official blog post. The company plans two versions of his voice — “explicit and non-explicit.”

screenshot via Pulp Fiction Read the rest

Amazon's being greasy about Alexa user data. Again.

Remember when Amazon introduced the ability for folks easily delete their conversations with any of the Alexa wiretap they'd foolishly allowed into their homes? Boom! Gone! No more voice history! Everyone with one of the company's smart speakers could rest easy knowing that their personal information and shopping habits wouldn't be available for the marketing world to get its grubby meathooks on. HAHAHAAHAHAHA Yeah, that was bullshit. Even if you wipe your conversations with Alexa from your Amazon devices, Amazon still retains some information.

From CNET: ... Amazon noted that for Alexa requests that involve a transaction, like ordering a pizza or hailing a rideshare, Amazon and the skill's developers can keep a record of that transaction. That means that there's a record of nearly every purchase you make on Amazon's Alexa, which can be considered personal information.

Other requests, including setting reminders and alarms, would also remain saved, Huseman noted, saying that this was a feature customers wanted.

It gets better: Amazon says that they use this personal information to train Alexa to be an even better wiretap than it already is. What they don't say, however, is what third-parties, such as outside Alexa skill developers and marketers, are allowed to do with this leftover data.

Apparently, the only way to be sure that all of a customer's user data has been obliterated from the company's servers is for them to call customer service and demand that the personal information be nuked from orbit. Of course, given that the company has already been all kinds of greasy about promising to make personal data deletion a simple task for folks to undertake once, there's no guarantee that they won't quietly screw their users again. Read the rest

Vintage Apple TV and Alexa

Thomas Martin Lewins V has done what they said was impossible. He's made modern technology work with old fashioned devices.

First, he installed Apple TV on his big, clunky floor console television and now he can watch TV apps, like Netflix and Hulu, on it.

He writes:

Best Buy said it couldn’t be done. The internet said it was impossible. Eat my ass Best Buy, eat my ass internet.

HDMI to rca, rca to vcr, vcr to coaxial, coaxial to antenna.

After months of pulling my hair out and eating it. I present to you.

Vintage Apple TV.

Then, he installed Alexa on a bunch of vintage devices around his house.

Might have went a little overboard on this one,

The police were called to my house twice for noise complaints. (worth it)

I present to you,

Vintage Alexa.

Impressive! Read the rest

Amazon unveils a new Echo Dot surveillance device for children

The latest addition to Amazon's line of always-on, ever-listening, networked, insecure (1, 2, 3, 4, 5, 6, 7) snitchy smart speakers is the new rev of the Echo Dot Kids Edition, whose "kid-friendly" Alexa is like surveillance Barbie without the pretense of being a toy. Read the rest

New Amazon patent application reveals "solution" to missed Alexa instructions: always on recording

When you talk to Alexa and other voice assistants, you have to phrase your requests by starting with their "wakeword" ("Alexa" "OK Google" "Siri" etc). Read the rest

Illinois almost passed a bill that banned devices that record you without your consent -- and then Big Tech stepped in

This week, Keep Internet Devices Safe Act was gutted by the Illinois senate: it would have allowed people sue manufacturers if they determined that a device had engaged in remote recording without notifying its owner. Read the rest

Amazon stores recordings of Alexa interactions and turns them over to internal staff and outside contractors for review

Bloomberg reporters learned that -- despite public pronouncements to the contrary -- Amazon has an "annotation team" of thousands of people all over the world, charged with reviewing recordings made by Alexa devices in the field, with both staffers and contractors listening to conversations that Alexa owners have had with and near their devices. Read the rest

EFF's guide to creepy, surveillant Christmas gifts

Topping the Electronic Frontier Foundation's don't-buy for Christmas list: Facebook's Portal in-home spycams, followed closely by Alexa/Google Home and other "home hubs"; Verizon's "AppFlash" spyware-equipped phones; and even the Elf on the Shelf gets a look in (normalizes surveillance!). Read the rest

Alexa-enabled Big Mouth Billy Bass. Pre-order it for $40.

You can preorder an Alexa-enabled Big Mouth Billy Bass for $40. Read the rest

Hackers find exploitable vulnerabilities in Amazon Echo, turn one into a listening device

At Defcon, Tencent's Wu HuiYu and Qian Wenxiang presented Breaking Smart Speakers: We are Listening to You, detailing their work in successfully exploiting an Amazon Alexa speaker, albeit in a very difficult-to-achieve fashion. Read the rest

Voice assistants suck (empirically)

New research from legendary usability researchers The Nielsen (previously) Norman (previously) Group finds that voice assistants are basically a hot mess that people only use because they are marginally better than nothing. Read the rest

Amazon: 'Unlikely' string of events led to Echo recording a family's private chat & sending to some random guy

Amazon has now publicly responded to today's bombshell news that an Alexa/Echo personal digital assistive device recorded and then leaked a Portland family's private conversation to a third party acquaintance in Seattle. An "unlikely" string of events led to the freak occurrence, says Amazon. OK. Sure. Read the rest

Alexa listened to a couple's conversation and sent it to the husband's employee without permission

A couple in Portland is accusing Alexa of doing exactly what many people have feared she might do. They say she listened in on a conversation and sent it to a random contact of theirs – one of her husband's employees.

The woman, whose name is Danielle but whose last name hasn't been disclosed, says that two weeks ago she got a call from her husband's employee, who said, "Unplug your Alexa devices right now. You're being hacked."

According to KIRO-7 in Seattle:

"We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'"

Danielle listened to the conversation when it was sent back to her, and she couldn't believe someone 176 miles away heard it too.

"I felt invaded," she said. "A total privacy invasion. Immediately I said, 'I'm never plugging that device in again, because I can't trust it.'"

Danielle says an Amazon engineer investigated.

"They said 'our engineers went through your logs, and they saw exactly what you told us, they saw exactly what you said happened, and we're sorry.' He apologized like 15 times in a matter of 30 minutes and he said we really appreciate you bringing this to our attention, this is something we need to fix!"

When KIRO-7 questioned Amazon, they responded with this: “Amazon takes privacy very seriously. Read the rest

Security researchers can turn Alexa into a transcribing, always-on listening device

Checkmarx researchers including Erez Yalon have created a "rogue Alexa skill" that bypasses Amazon's security checks: it lurks silently and unkillably in the background of your Alexa, listening to all speech in range of it and transcribing it, then exfiltrating the text and audio of your speech to the attacker. Read the rest

Alexa Ruins Families, cartoonified

Cartoonist Lauren eLL secretly recorded a funny family video, then turned it into a charming cartoon about how Alexa Ruins Families. Read the rest

Make your own Alexa-controlled toilet

Inspired by the $6,000 Alexa-controlled toilet at CES, Jonathan Gleich hacked together his own one-tenth the cost. The base of this smart throne is the Brondell Swash 1400 Luxury Bidet Toilet Seat, available for $650 from Amazon. The other components are a $46 auto flusher, $23 infrared link, and $17 Adafruit Feather HUZZAH microcontroller.

Gleich posted directions to make your own over at Instructables: "Alexa Controlled Toilet"

(via Make:) Read the rest

More posts