But as with any new technology, risks are part and parcel of the package. IPAs, while giving you incredible ease of access to information and control of your environment, can also be used to violate your privacy. In fact, the reason that these tools are able to tailor themselves to any given person is precisely by gathering as much data about them as possible. And it is very possible that this data gets into the wrong set of hands. This article is dedicated to discussing the ways in which IPAs are generally hacked and the consequences of those hacks. We will also touch on some basic safety precautions that you should take in order to keep potential hackers at bay.
How Are IPAs Hacked?
The not-so-old adage, “anything that is connected to the internet can be hacked,” is still very much valid. And all IPAs are always online; the information needs to be synched with the cloud so that your personal settings are associated with your account and not just a single device. This presents challenges to keeping your data safe and could be exploited in the following ways:
The most common IPA hack doesn’t even require an internet connection. Siri is activated on the lock screen, by default on every iPhone it comes with. The same goes for Google Now on Android devices. So, if an unwarranted party somehow gets a hold of your phone, they can access your sensitive data without even knowing your phone’s password or login pattern. It can simply ask Siri or Google Now about your phonebook, call log, social media, etc. While being fairly common, this security breach isn’t as egregious as some of the other hacks, as only people close to you can get physical access to your phone. It is also the most easily preventable hack: just take better care of your phone and don’t give it to people you don’t trust. Third-party applications can also use IPAs for malevolent purposes, as they can provide a gateway to your private data. Of course, we should note that most third-party applications provide useful functionality on top of these IPAs, like using Siri to call an Uber or write a text on WhatsApp. And, while Microsoft hasn’t enabled Cortana to provide similar utility – at least not yet – hackers have already developed tools to enhance Cortana’s locus of control. Though it does little more than merely add more voice commands to Cortana, you can rest assured that third-party involvement is only going to multiply. But not every application on the App Store or Play Store can guarantee security. On top of that, it isn’t hard at all to develop applications that can take advantage of IPAs. For instance, back in 2014, a group of college freshmen from the University of Pennsylvania developed a Siri-driven app in a hackathon. The app, called GoogolPlex, was programmed to launch instead of Siri and override its functions. It did much more than vanilla Siri: you could use it manipulate room temperature if you had Nest, as well as open your Tesla’s doors. And if a group of college freshmen can achieve this much in a two-day hackathon, just imagine the havoc someone with the sole intent of malice could wreak. IPAs are also vulnerable to more sophisticated attacks. Back in 2015, computer scientists at France’s IT security agency ANSSI discovered a neat loophole in Siri’s voice recognition mechanism. The group used radio waves, in tandem with a pair of headphones and a microphone to replicate voice commands to Siri. It was also confirmed that this hack works on Google Now as well. There was at least one rigid limitation on the conditions of the hack: the victim’s phone had to be less than 16 feet away from the generation point of the radio wave signal. But the killer punch was that your phone could be hacked silently while it’s in your front pocket. Even the toolkit needed for the hack wasn’t hard to acquire, as all that was used was a laptop, a copy of the free software GNU Radio, a radio, antenna, and an amplifier.
The Consequences
How to Keep Yourself Safe
For starters, do not let strangers handle your smart devices. This is a more general precaution, and applies to anything from your phone, smart speaker to your laptop. There is a good reason why social engineering is the most popular method of hacking—because it’s so easy. iPhone and Android users should first disable Siri and Google Now respectively on the lock screen. This prevents hackers from intruding on your data without knowing your passwords. Google Now is actually disabled on most new Android devices, though your mileage may vary due to the virtually countless variants of the operating system. Smartphone users can actually teach their iOS or Android devices to respond only to their voice. Both Siri and Google Now come with a feature that lets you teach them the owner’s voice. Though not the most secure way to log in, something even Google agrees with, it is still much better than your IPA responding to generic voice commands. Only use trusted third-party applications. You should steer clear of even remotely suspicious applications promising to making your life better if you give them access to your IPA. The risks are of astronomical magnitude for anyone who values their privacy.
Conclusion
IPAs are going to have a magnified role in millions of lives, if they don’t have already. With that comes the interest of hackers and, with time, they will become more literate with this relatively new technology, resulting in more sophisticated hacks. The developers of IPAs are doing everything they can on their end to keep your data secure, with techniques like end-to-end encryption, safe cloud storage, and user authentication. But it also falls upon users themselves to make sure any potential data leak is plugged right away. Please check out SecurityIQ, sign up for free, and start using our interactive AwareEd Security Awareness Modules to increase your online security savvy!
