It's dismayingly easy to make an app that turns a smart-speaker into a password-stealing listening device and sneak it past the manufacturer's security checks

Originally published at: https://boingboing.net/2019/10/20/verify-me.html

4 Likes

27nydh

7 Likes

Why do people still buy any of these things? The convenience hardly seems worth it. Even if you’re not targeted by a malicious third party, the constant possibility of surveillance by the companies themselves is just creepy.

9 Likes

At least when this happened in the 90’s they had to send Mary McDonnell to ply the information out of you.

5 Likes

Do people tend to speak their passwords aloud a lot?

2 Likes

Did you read the article?

After a long interval, the speaker then spoke in a voice that terminated the speaker’s OS, with a fake error message asking for a password to allow for a security update.

2 Likes

Yes.

I made a catchy tune out of it:

:musical_note: Seven ampersand six capital N a o
Capital Z four pound l k capital J :musical_note:

I sing it in the car at red lights with my windows down.

14 Likes

Seems like a good idea.

And I do love a catchy tune…

5 Likes

Some friends have the Alexa thing, it consistently reinforces by desire to never own one, or anything like it; it constantly mis-hears instructions, or doesn’t hear them at all, or doesn’t play the music asked for.
I’d have Sonos-type speakers around, the Ikea lamp version is very appealing, but those are app-controlled, not voice, or ‘smart’.

1 Like

This still remains fantastic. I thought he’d taken that off his channel so i’m glad to see it back.

You don’t even have to wait for a malicious third party, good old fashioned corporate fuckery will do…

1 Like

I wonder if it will ever really be possible to enjoy the science fiction essay of the voice-controlled system.

Maybe some things just aren’t ever going to work, for some mundane or malicious reason or other.

The “science fiction future” wasn’t ever a promise, and the whole genre is a subset of fantasy. And that’s fine.

1 Like

I am really tempted to try to log into this site with your username and 7&6NaoZ4#lkJ

Because I would be so impressed if you used your real password just to see if anyone would try it.

4 Likes

But what if it’s £lkJ, huh? You’d never know.

3 Likes

HEY YOU! Yeah, you with the windows down! Is your “pound” hash or sterling?

5 Likes

I don’t have to discuss my day with you

9 Likes

This topic was automatically closed after 5 days. New replies are no longer allowed.