Digital Voice Assistants: The New Front in the War on IoT Hackers

by Simon Edwards

As the Internet of Things (IoT) permeates further into our everyday lives, the potential for hackers to line their pockets and even disrupt key critical infrastructure moves increasingly from theory to practice. We’ve already seen Ukrainian power stations crippled by malware, connected car vulnerabilities reach crisis point and even smart baby monitors hacked.

Voice assistants are the latest piece of the IoT ecosystem to come under scrutiny. A new Trend Micro infographic highlights the key privacy issues, vulnerabilities and attack scenarios which could affect smart home users. For those IT and business leaders looking for more guidance, check out our CLOUDSEC conference next week.

Digital glue for the smart home
Anyone who has read OWASP’s IoT Security Guidance will know very well the numerous parts of the IoT ecosystem which could be vulnerable to attack. Depending on what systems we’re talking about, the threats could come today from financially motivated cybercrime gangs, state-sponsored spies and even the manufacturers themselves, who collect an increasing amount of personal data via our smart devices.

The likes of Amazon, Google and others are increasingly marketing their voice assistant technologies as the digital gateway to the smart home. It makes complete sense, both from a business perspective – pulling consumers into their respective ecosystems and services – and a usability point-of-view. Digital assistants can be the glue that holds the smart household together, making us happier and more productive at home.

But there are inevitably risks. Every IoT endpoint is a potential gateway to the home or corporate network, and as such could allow hackers to reach highly sensitive data. There’s also the potential for them to remotely control devices, to switch off security alarms and other systems, or even to launch DDoS attacks on other targets.

Where are the threats?
As our latest research reveals, hackers could potentially bypass authentication to issue ‘malicious’ commands by impersonating a user’s voice, or even by hiding commands in music or manufactured sounds. They could compromise such systems’ communications with the cloud via man-in-the-middle and DNS poisoning attacks. Other areas potentially at risk include unsecured WLAN, and hardware protocols and vulnerabilities.

That’s not to mention the potential for manufacturers to store and share with third parties highly sensitive user voice patterns and behaviour profiles that could be a goldmine for hackers.

CLOUDSEC
For those concerned about the wider implications of IoT threats, Trend Micro’s popular CLOUDSEC conference is back in September. This one-day event will see world-renowned academics, law enforcers, security professionals and vendors on hand to share best practice advice and provide crucial insight into where the next threats are coming from.

The IoT is one of the key areas of focus at the show. Pen Test Partners founder Ken Munro will demonstrate the potentially devastating impact of an IoT attack on critical infrastructure, while Trend Micro’s VP of Security Research, Rik Ferguson, will propose an innovative new model to raise the bar on IoT security.

With just a week to go, places are going fast. To reserve yours, get in touch today.

What: CLOUDSEC 2017
When: Tuesday 5 September
Where: Park Plaza Westminster Bridge, London