60 Second Rundown…
- Voice assistants can be hacked
- Voice commands can gain access to LANs through connected devices
- Small businesses need robust protection in BYOD policies
- Keep smart devices and PCs up-to-date on the latest security patches
- Stay vigilant by monitoring for malicious activity
Micro-electro mechanical systems (MEMS) microphones have a diaphragm that detects changes in air pressure caused by sound. Then, they convert the sound into electrical signals that can issue commands to a smart device.
Microphones are listening to us all the time. Alexa, Siri, Cortana, and others are awaiting their programmed signal word. Unfortunately, this opens networks up to specific voice-activated security vulnerabilities. When you say their name, your voice assistant starts recording so they can respond to spoken commands. Voice assistants demonstrate the convenience and benefit artificial intelligence can bring to our daily lives. But, like any technology, voice-controlled devices have exploits and security risks.
Voice-activated Security Vulnerabilities
Any connected device is a potential gateway for malicious actors to access your local area network (LAN). Smart assistants are no exception. Voice commands can deploy a sequence of hacks that directs an Android device to download malicious software. Once downloaded, the software scans the LAN for vulnerable Windows devices. The smartphone acts as a proxy to exploit vulnerabilities and spread ransomware to PCs.
The Dangers of BYOD
As technology advances, more and more threats will come from voice-enabled mobile and internet of things (IoT) devices. Mobile devices can go anywhere. Even if your LAN is secure, an employee could pick up malware on the unsecured WiFi at a coffee shop and bring it back to work. Bring your own device (BYOD) policies need to reflect this new reality. Start by creating a segmented network with a separate guest WiFi system for personal devices. This is a general guide for BYOD employee policies, as voice command exploits are made less effective by this security measure.
Protecting Against Voice Hacks
The first thing is to update your devices. Keeping your PCs, smartphones, and tablets up-to-date on the latest patch closes many of these exploits. Likewise, keep devices that use MEMS microphones out of line-of-site from any exterior windows. However, updates are not enough. New zero-day exploits pop up regularly. Small businesses need to take a layered approach to security. Monitor suspicious activity using detection and prevention systems. All security measures should extend to any BOYD and IoT devices on your network. Don’t forget to change ALL default user IDs and passwords.
Contact us if you need expert assistance in applying in-depth network defense against voice-activated security vulnerabilities.