The Other Security Issues
It is important to keep in mind that the Security issues surrounding Virtual Personal Assistants are both technical and non-technical in nature. But given the new adoption rate of them, one will find that most of the Security threats for right now are mostly non-technical in nature, meaning they have more of a social impact upon the end user or the business and/or corporation.
The confusion in the Software Licensing Agreements:
Normally, the wireless vendors make their customers sign contracts to which very often, nobody pays too much attention when they are signing. The same is even with Apple, when customers sign up for either their iPhone or iPad services. In this contract, Apple does state how it will store and even possibly use the recorded conversations:
“When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text . . . by using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.” (SOURCE: 1)
Because of this sheer vagueness, many businesses and corporations are now viewing this as a huge Security risk to their own information and data, and as a result, have banned the use of Siri by their employees. One such example of this is IBM. Just recently, they implemented a ban on their employees from explicitly using Siri for anything which is work related. The primary reasons cited for this drastic move is not only once again the murkiness of the language above, but also the ramifications of having conversations stored literally in a black box, without having any knowledge of how it will be stored or disseminated: “The company worries that the spoken queries might be stored somewhere.” (SOURCE: 2)
The dangers of using the Siri or Cortana with the Internet of Things (IoT):
As this will be fully explored in a future blog, the Internet of Things is essentially a rather new concept in which we as individuals, will be defined as to how we interact objects (both in the physical and virtual sense). One of the primary applications of the Internet of Things will in the “Smart Home”. One of the components of the IoT in this regard will once again be that of the Virtual Personal Assistant. Although the “Smart Home” has still yet to fully evolve into the mainstream public, it has already become the hot target for the Cyber attacker. For example, just recently, there was a Malware attack specifically known as the “Mirai”. In this, all components of the IoT, including Siri and Cortana, were targeted in order to create a massive Botnet in order to attack an entity known as “Dyn”. These are one of the places where the Domain Name Servers (also known as the “DNS”) are contained. The end result of this attack is that it totally crippled the websites of PayPal, Twitter, Reddit and Netflix.
Our next blog will conclude our series into the security risks posed by Virtual Personal Assistants. After that, there will be a blog devoted as to the protective measures that you can take.