Robot touching human finger

The Remaining Security Issues

The Risks of “VPA Unfiltering”:

As described in the previous blogs, it is the hope of the major Virtual Personal Assistant vendors that their product will help automate our lifestyle daily, especially when it comes to online shopping.  As the technology further evolves, Siri or Cortana will be able to pick the exact products we want, based on previous purchasing behavior.  This concept is known as “VPA Filtering”. But, once retail companies start to fully realize just how powerful the Virtual Personal Assistant can be for pushing ads and other product solicitations, there is a strong fear that a “kickback” deal could be reached with the VPA vendors.  So, for instance, the major retailers could offer a financial incentive to the makers of Siri and Cortana to do away with the mathematical algorithms which comprise the techniques of VPA Filtering and offer them a certain percentage of the revenue for their products which are advertised to customers on their Smartphone and purchased by the VPA.  If this were to become a reality, this would then become known as “VPA Unfiltering”.  Although this will be viewed as a major inconvenience and a sheer invasion of privacy, there are real Security risks associated with this as well.  For example, without any filters put into place, the threats of Adware attacks become greatly magnified, and Siri or Cortana could very well make unwanted purchases with unauthorized online vendors. As a result of the latter, another real threat is that financial information and data could be easily and unknowingly given away to a malicious third party.

The remote control of Siri or Cortana:

The way that technology is now, the major Virtual Personal Assistants cannot discriminate between voices of the end users.  In other words, a person can easily talk into an iPhone or a Windows Mobile device that does not belong to them and still have an effective conversation with Siri or Cortana.  Obviously, this is a huge Security risk as well, and the only way for them to “know” who the authorized end user is through using a Biometric technology known specifically as “Voice Recognition”.  But, in conjunction with this, Siri or Cortana can literally have a conversation from either 10 feet or 10 inches away, there is no specific range in which a conversation can be had, as long as it is clear audible.  This too is also a grave Security risk, which in fact, has been proven to be so by Security researchers at ANSSI, a French based Government agency.  This simulated attack makes use of radio waves in order to covertly transmit voice generated commands to just about any brand of Smartphone that has Siri or Cortana installed onto it.  In these instances, the earbuds can be literally used as an antenna, in which the electromagnetic waves can be easily converted over into electrical signals.  The latter appears as discernable audio to the iOS, Android, or Windows 10 Mobile Operating Systems, coming straight from the microphone of the end user.  The end result of this is that a Cyber attacker could very easily dictate commands to Siri or Cortana without uttering even one spoken word from a very far and remote distance.  There are no limitations as to how many Smartphones can be infected in this manner, it can from as few as 5 to as many as even 100.

Conclusions

Our next blog will review some security practices that you can use for your VPA.