As the popularity of Amazon Alexa and other voice assistants grows, so too does the number of ways those assistants both do and can intrude on users' privacy. Examples include hacks that use lasers to surreptitiously unlock connected-doors and start cars, malicious assistant apps that eavesdrop and phish passwords, and discussions that are surreptitiously and routinely monitored by provider employees or are subpoenaed for use in criminal trials. Now, researchers have developed a device that may one day allow users to take back their privacy by warning when these devices are mistakenly or intentionally snooping on nearby people.
LeakyPick is placed in various rooms of a home or office to detect the presence of devices that stream nearby audio to the Internet. By periodically emitting sounds and monitoring subsequent network traffic (it can be configured to send the sounds when users are away), the ~$40 prototype detects the transmission of audio with 94-percent accuracy. The device monitors network traffic and provides an alert whenever the identified devices are streaming ambient sounds.
- This is a prototype, not a product. You can't buy it yet.
- This is a pretty neat approach. I posted years back about just how powerful Traffic Analysis is, and how we used it in World War II.
- If you want privacy you really shouldn't have one of the Alexa devices listening to you all the time.
6 comments:
Anyone who has an electronic gizmo like that is asking for trouble in the first place.
That's neat. I'd like to see results from it monitoring a smart phone to find out how much the phone is sending back. We know that at least some apps use the microphone and send audio back.
This is why I have none of that crap in my house...
You have provoked an idea: Would it be possible to craft an open-source firmware for this sort of digital assistant which had the 'phoning-home' behavior crippled or even eliminated? As in the open source firmware projects for home routers, which exists and is pretty well-regarded?
A tech fix to Big Tech is impossible. They will overwhelm or corrupt any attempt. The only feasible solution is to destroy their business model. All this spying is done for revenue. The other negative effects are collateral damage. Take away the revenue and the spying becomes much less attractive and more expensive to the spies. No use of personal data without permission and payment. And no blanket permissions or barter deals for payment. Use by use permissions and payment.
We do not have one and I am uncomfortable in places that do.
Post a Comment