HOME
An attacker can steal sensitive user data over the phone using smart speakers
In recent years, voice assistants such as Siri, Amazon Alexa, Google Assistant and Cortana have become increasingly popular. People in many countries worldwide communicate with these artificial intelligence (AI) agents on a daily basis, asking them to search for information online, send emails or messages, play their favorite songs, and so on.
While voice assistants can greatly simplify the way in which we use our smartphones, PCs, tablets and other devices, they also raise a number of privacy and security-related concerns. In fact, these agents can also be used to collect data for targeted advertising and may even allow cyber-attackers to steal sensitive information from users or tamper with their devices.
Researchers at Georgia Institute of Technology recently showed that a simple attack could allow malicious users to gain access to people's personal information via voice assistants. Their findings, presented in a paper pre-published on arXiv, highlight a number of vulnerabilities and risks associated with the use of conversational agents.
"In recent years, there have been news stories about Amazon Echo accidentally recording and sending the conversations between people in its vicinity to a contact via a phone call," Zhengxian He, one of the researchers who carried out the study, told Tech Xplore. "Our research is motivated by new threats to sensitive information in these environments that arise due to the proximity of compromised computers and voice assistants. We are able to demonstrate that such threats could be real, and that data stored on computers could be stolen via voice assistants over a phone channel."
News Source