The Security Issues Surrounding a Virtual Personal Assistant
Despite the advantages that a Virtual Personal Assistant brings to an end user, or even to a business or a corporation, there are serious Security issues associated with it. Although the VPA is not a totally new concept, its huge demand and growth on the Smartphone are still being embraced.
This means that the Security risks and threats posed to the different VPA applications are still being ascertained, and their magnitude of impact is still being quantified.
One of the first Security issues that comes to mind is that of privacy. For example, as we communicate with either Siri or Cortana, the dialogue can still be considered one-sided.
This simply means that it is the end user who is engaging in most of the dialogue, and the Virtual Personal Assistant is merely responding with the needed answers to the queries being asked of it.
But it is very important to keep in mind at this point that it is not the mobile app on which the VPA resides that is answering you. Rather, your conversations and queries are being transmitted back to the corporate headquarters of either Apple, Google, or Microsoft. In turn, it is the servers there which are feeding the answers back to the mobile app which is communicating with you.
So, the question remains: how secure are these lines of communication between the mobile app and the corporate headquarters, in both directions? True, these companies may merely state that the lines of communication are indeed secure, but are they really?
Up to this point, there have been no known studies conducted to examine the depth of Security of these particular lines of communication.
It is quite possible that they are totally unencrypted, and as a result, they could be a prime target for an Eavesdropping Attack by a Cyber attacker. It is equally important to note that these servers may not necessarily reside exclusively here in the United States, where citizens are afforded some legal protection against wiretapping by the Federal Government or any other private third party.
These servers are very likely housed in countries (given the fact that Google, Microsoft, and Apple are all multinational companies) where these protective mechanisms are not in place.
So, for example, although you might be having a conversation with Siri or Cortana here in the United States, there is a good chance that those conversations are then being transmitted back to servers which reside in a country like Russia or China. As a result, there is a much higher probability that your conversations could very well be wiretapped and listened in on.
Because of this, a virtual audit trail of your conversations is literally being built in a manner similar to that of enabling cookies on your Web browser. To make Security matters even more complex, the conversations that you are having with either Siri or Cortana are actually being recorded and stored.
Apple has a retention policy of at least 18 months; the timeframes for Microsoft and Google have not yet been disclosed to the public. As a result, these stored conversations could be “prey” for the Cyber attacker.
Our next blog will examine in more detail the Security issues surrounding the use of Virtual Personal Assistants.