Voice-based assistants don't just pay attention to official alarm commands: as experts from the University of Darmstadt, North Carolina State University, and the University of Paris-Saclay have found, Amazon Alexa and similar helpers can start listening to dozens of misunderstood command words.
A team of experts cited by Venturebeat developed a tool called LeakyPick to investigate the problem by monitoring the network traffic of smart speakers and similar devices hosted by virtual assistants, specifically searching for data transmissions referring to the transmission of audio material.
The LeakyPick prototype builds on a Raspberry Pi and generates sounds at specified intervals while keeping an eye on network traffic. To create sounds, the tool selects from a phoneme dictionary, searching for words that have a similar phoneme number to the real wake-up commands of the virtual assistants – and also occasionally tries random English words. The device specifically monitors the traffic generated by devices equipped with a microphone, paying special attention to the sudden increase in outgoing data volumes. To do this, it first determines a baseline traffic level using statistical methods to filter out cases where assistants are not transmitting audio material. According to researchers, the device is able to detect recorded speech in network traffic with an accuracy of 94 percent.
Researchers have tested LeakyPick with several home smart devices, including Amazon Echo Dot, Google Home and Apple's HomePod smartphones, Netatmo Welcome and Presence smart cameras, and Nest Protect smart smoke detectors and Hive Hub 360 smart . LeakyPick used a light sensor to monitor when the indicator LEDs on the devices were lit, logging when and on which words they were turned on. During the test, Amazon's smart speaker was highly inaccurate, waking up to no less than 89 words, many of which differed significantly from the device's default nickname – and the device always forwarded unsolicited recordings to the company.
The problem is not new. , Amazon had previously run into several scandals over its subcontractors being able to eavesdrop on private conversations through inadvertently turned on smartphones, and a year ago it also stirred up a lot of dust that it turned out that Amazon retained recorded material indefinitely, in some cases users have manually removed them from their profiles.
Gellert is Technology Editor at Counting News Media and contributor at other major tech publications. Her interests includes testing new gadgets and reading.