As if you didn’t already have enough reasons to worry about your privacy in the age of technology, it turns out that hackers can now steal texts and passwords with the help of recordings saved by microphones situated on smart speakers and assistants. The researchers at the University of Cambridge proved this in their recent study.
It’s common knowledge by now that smart speakers such as Google Home and Amazon Echo have mics on them. The role of these mics is to capture the audio to perceive trigger phrases. What many people don’t realize is that this audio data is regularly sent to remote servers.
According to studies, audio clips of nearly a minute’s length can be transferred to servers. And it goes without saying that such clips could contain sensitive information such as pin codes.
To prove this right, the researchers conducted a test in which they used a ReSpeaker that happens to be a piece of multi-microphone equipment for the Raspberry Pi. It is used to operate Alexa on the Pi while offering access to raw recordings. Apart from the central microphone, the arrangement was close to that of Amazon Echo.
Moreover, an HTC Nexus 9 tablet, a Nokia 5.2 smartphone, and a Huawei Mate20 Pro were used in the test as the victim’s devices. It was observed that audio recordings tapped on the devices could be strong enough for the sound waves to circulate in phone screens as well as in the air, allowing the microphones to capture them.
The team conducting the test trained an AI model to arrange taps and separate real taps from false positives in the captured clips. After that, a dedicated set of classifiers was brought into the play and its task was to guess potential digits and letters from the taps identified by the first classifier. In the end, it was revealed that PIN codes of up to five digits were guessed almost 15% of the time, with the text being comprehended with 50% accuracy.
However, the researchers stated that their experiment might not work in case the speaker in question runs Alexa and Google. This is due to the fact that neither Google nor Amazon gives third-party skills permission to access raw audio clips. But the researchers stressed how almost any gadget with a mic and access to audio log could be used by hackers to their advantage.
Read next: Study Reveals The Countries Affected Most By Data Theft
It’s common knowledge by now that smart speakers such as Google Home and Amazon Echo have mics on them. The role of these mics is to capture the audio to perceive trigger phrases. What many people don’t realize is that this audio data is regularly sent to remote servers.
According to studies, audio clips of nearly a minute’s length can be transferred to servers. And it goes without saying that such clips could contain sensitive information such as pin codes.
To prove this right, the researchers conducted a test in which they used a ReSpeaker that happens to be a piece of multi-microphone equipment for the Raspberry Pi. It is used to operate Alexa on the Pi while offering access to raw recordings. Apart from the central microphone, the arrangement was close to that of Amazon Echo.
Moreover, an HTC Nexus 9 tablet, a Nokia 5.2 smartphone, and a Huawei Mate20 Pro were used in the test as the victim’s devices. It was observed that audio recordings tapped on the devices could be strong enough for the sound waves to circulate in phone screens as well as in the air, allowing the microphones to capture them.
The team conducting the test trained an AI model to arrange taps and separate real taps from false positives in the captured clips. After that, a dedicated set of classifiers was brought into the play and its task was to guess potential digits and letters from the taps identified by the first classifier. In the end, it was revealed that PIN codes of up to five digits were guessed almost 15% of the time, with the text being comprehended with 50% accuracy.
However, the researchers stated that their experiment might not work in case the speaker in question runs Alexa and Google. This is due to the fact that neither Google nor Amazon gives third-party skills permission to access raw audio clips. But the researchers stressed how almost any gadget with a mic and access to audio log could be used by hackers to their advantage.
Read next: Study Reveals The Countries Affected Most By Data Theft