It's dismayingly easy to make an app that turns a smart-speaker into a password-stealing listening device and sneak it past the manufacturer's security checks

Originally published at: https://boingboing.net/2019/10/20/verify-me.html

…

Why do people still buy any of these things? The convenience hardly seems worth it. Even if you’re not targeted by a malicious third party, the constant possibility of surveillance by the companies themselves is just creepy.

At least when this happened in the 90’s they had to send Mary McDonnell to ply the information out of you.

Do people tend to speak their passwords aloud a lot?

Did you read the article?

After a long interval, the speaker then spoke in a voice that terminated the speaker’s OS, with a fake error message asking for a password to allow for a security update.

Yes.

I made a catchy tune out of it:

“ Seven ampersand six capital N a o
Capital Z four pound l k capital J ”

I sing it in the car at red lights with my windows down.

Seems like a good idea.

And I do love a catchy tune…

Some friends have the Alexa thing, it consistently reinforces by desire to never own one, or anything like it; it constantly mis-hears instructions, or doesn’t hear them at all, or doesn’t play the music asked for.
I’d have Sonos-type speakers around, the Ikea lamp version is very appealing, but those are app-controlled, not voice, or ‘smart’.

This still remains fantastic. I thought he’d taken that off his channel so i’m glad to see it back.

You don’t even have to wait for a malicious third party, good old fashioned corporate fuckery will do…

I wonder if it will ever really be possible to enjoy the science fiction essay of the voice-controlled system.

Maybe some things just aren’t ever going to work, for some mundane or malicious reason or other.

The “science fiction future” wasn’t ever a promise, and the whole genre is a subset of fantasy. And that’s fine.

I am really tempted to try to log into this site with your username and 7&6NaoZ4#lkJ

Because I would be so impressed if you used your real password just to see if anyone would try it.

But what if it’s £lkJ, huh? You’d never know.

HEY YOU! Yeah, you with the windows down! Is your “pound” hash or sterling?

I don’t have to discuss my day with you

This topic was automatically closed after 5 days. New replies are no longer allowed.