It's fair to say that there is a certain fear around smart speakers at the moment, since these little devices that we put on our coffee tables and bookstores have the potential to listen to our conversations.
It goes back to fear in the center of the classic dystopian of George Orwell 1984. Perhaps even more behind, to something more primary, to the monster under the bed, the invisible but what it sees.
It's easy to draw the 1984 parallel because, like the omnipresent screens in the science fiction masterpiece, our smart speakers (and even more similar smart screens) quickly make their way into every corner of our lives. [19659002] No matter the protests of the companies that make these speakers that say they are only hearing "wake up" words, and only send information to their servers when they have been decidedly activated, we still cling to the fear that Amazon (or Google , or Microsoft, or Apple) is spying on us.
Follow the data
It does not help that there are strange stories like Echo devices that laugh for no reason, that the Echo has been hacked, and even news that it is being manipulated to be an espionage device simply using a skill produced.
But this is the question, and try to keep an open mind when reading this: it is more likely that they are not spying on you, than what they are. The problem is that these companies will never be able to prove to you that they are not spying on you, because it is almost impossible to prove that it is negative.
All that "you can not prove something negative" is the exact reason that in most judicial systems around the world, the burden of proof always lies with the plaintiff.
I can accuse you, dear reader, of dressing like a giant tuna, and without providing images of you at every moment of your life, you can not prove that you do not. That is an unfair burden.
As plaintiff, the burden of proof falls on me to provide pictorial evidence of their fishing efforts so that my accusation supports. And until now, nobody has managed to prove that smart speakers are spying on you.
The recent news that the security firm Checkmarx created a skill that allowed it to convert Echo speakers into spyware (below) actually does more to disprove than to prove the theorem.
In the skill, Checkmarx took advantage of a vulnerability (which has now been fixed) that used the function & # 39; I did not understand it exactly & # 39; from Alexa, where you can continue listening after a request. The team muted Alexa's line, so the speaker continued recording without audibly telling him what it was.
Then, the team adjusted the duration of the recording so that this second "secret" recording could last an indefinite time (although it would be cut automatically after a couple of minutes).
The first thing that stands out is that it was not totally secret, since the Echo speaker would still have the "listening" light on. The second is that this would only give you a couple of minutes of information after interacting with a maliciously coded skill that the user should want to use.
The third is that the attacker could only receive a written transcript of the conversation. Amazon has the ability to receive recorded audio (keep calm), but the large amount of server space needed to process the recorded audio of the millions of echo speakers from around the world would make constant espionage an absolute technical impossibility.
There was a patent filed by Amazon that would circumvent this problem by using emotive words as triggers, so whenever I say & # 39; I like & # 39 ;, & # 39; ame & # 39; I hate you. Something, your Echo could monitor what that was and customize your ads based on those preferences.
While it's worrisome, this is just a patent, not a statement of intent, and if it took each creepy patent (those are three separate links) at face value, it would have some pretty big questions about all the companies it gives you to your customized for.
Lower the gallows
Now, that does not mean that the requests you make from Alexa do not register and your data is used by the company, but that is your choice. It's the same as giving your data to Facebook every time you share a video, or Google every time you search for unicorns.
I want to make it clear that I am not saying that intelligent speaker espionage is definitely not happening, or that it is not possible to happen with the advances in quantum computing and AI that we are currently seeing, but only if you are currently working assuming that they are spying on you just because it scares you, then you should probably challenge that assumption.
through Wired