Voice control and security

I will assume that I am definitely not the first one to write about that, but I feel the need to write anyway.

We saw during a few recent events that our new beloved always listening devices can interpret an ordre form almost anyone (Someone ordered a Whopper? Burger King: OK Google!)

It seems trivial and a bit childish, but when you start integrating many services into a system like that, you may have to think about security.

This goes at different levels : from limiting commands to voice-print recognition.

https://xkcd.com/1807/

The first issue that comes to mind, related to several recent events, is that you may want to include some kind of limitation on your Google, Alexea or whatever voice-activated device you are using. Just to prevent anyone from ordering everything from your favorite shopping website when they are in listening range. This is pretty simple, and you may just set up your system just to load your shopping cart, and wait for your physical confirmation on your phone/laptop.

Second, you may want to rethink the voice activation of many devices. It has been proved that this can be hacked quite easily (http://www.zdnet.com/article/how-to-hack-mobile-devices-using-youtube-videos/). The good thing is that you can limit what you are allowed to do on your phone without providing an unlock code. It depends of your phone, but you should at least check that out.

Then comes the issues that are not really solved, at least on publicly sold devices. There are two that I can think of right now : voice printing, and content securing.

Voice printing would allow your devices to recognize your voice only, so that no one else can use your device. Pretty simple, and some applications are already providing that, in a limited way. I know, it goes a bit against the current flow of speech recognition, which has been improved up to the point where it does not need to be trained any more. If anyone remembers having to go through hundreds of sentences with Dragon Dictate…

Content securing if the other end of the scope : how do you make sure that some content cannot be spoken, from your device, when it is private. “Siri, how much is there on my bank account?” You might not want Siri to tell the amount out loud on the bus, right? I agree, you should not ask the question if you do not want to hear the answer, but still, it might provide an additional security to be able to limit some outputs.

I have been notified that a device has been designed to provide privacy for your conversations and voice commands : HushMe. I have to admit I am a bit puzzled by the device : http://gethushme.com

I am not sure whether it is a real solution, and a viable one 🙂

Leave a Reply