The Secret Lurker: Voice Squatting

Posted on in Cybersecurity

The opportunity to have virtual assistants in our home or in our business is an experience previously only dreamed about on shows like the Jetsons. As we reach the crest of this new technology, we are learning the risks posed due to advancement. Here’s what you need to know about the phenomenon known as “voice squatting.”

How It Works

A virtual assistant (like Google Home or Alexa) can make your grocery list, tell you the weather and play songs on command. However, when your personal robot lets in a criminal, you want to know how it happened. Since these devices work through voice activation, hackers take advantage of this by creating apps that sound similar to others you may requesting via voice commands.

Once allowed into your home, they have access to the audio recording capabilities of the Alexa, Google Home or Apple Home Pod devices. Additionally, researchers are finding criminals can set up triggers by any audio stream that has been tampered with to initiate voice commands without you ever knowing.

Why It’s a Threat

Aside from the breach of privacy, hackers will have access to vital information such as health information and financial accounts. For example, when you ask the device to open your account information at “ABC Bank,” it could trigger an opening of the app “ABD Bank,” which was purposely given a name similar to a voice command you make, and is controlled by hackers.

What It Means for Your Device

While the creators of these devices have yet to come up with a solution to voice squatting, there are some things you can do to lessen your concern instead of getting rid of the device altogether.

  • Don’t conduct any financial business on the device.
  • Update your microphone settings. You can set only certain applications to have access to the microphone. You can turn off the microphone altogether when having private conversations.
  • Keep the device clean. Just as you would on your computer or phone, be sure to clear out your voice history.
  • As an organization, only allow the device in rooms where it cannot possibly be a threat to you or your clients.

Check out our security services to see how we can help protect your organization.