Tuesday, August 11, 2020



Google blames software update for Home speakers recording users


BY DUNCAN RILEY

UPDATED AUGUST 10 2020

The ongoing joke around smart home devices is that they are spying devices that people opt to put in their homes and offices. Various companies have always denied this, saying that the devices are only triggered using “wake words.”

As it turns out, that’s not always true.

Google LLC has admitted that its Google Home speakers were recording users even when they hadn’t said, “OK Google” to the device.

The issue came to light after a Reddit user recently wrote that he had received a notification from his Google Home device saying that it had detected a smoke detector going off, but the device should not have been listening in. Other users then chimed in to say that they had also received notifications for events such as glass breaking. The feature is meant to be available only to users who subscribe to the Nest home security service.

Google claims that the feature was “accidentally” turned on after to a software update.

“The issue was caused by a recent software update and only impacted a subset of Google Home, Google Home Mini, and Google Home Max speakers,” a Google spokesperson told Yahoo News U.K. “We have since rolled out a fix that will automatically disable sound detection on devices that are not part of Nest Aware.”

Joseph Carson, chief security scientist and advisory chief information security officer at privileged access management firm Thycotic Software Ltd., told SiliconANGLE that this is a reminder that when you have a microphone nearby, it’s likely recording.

“The important message to any vendor with active smart microphones is that transparency and consent for the users when the device is recording is critical, especially at a time when many employees are working from home and sensitive business details might be leaking via nearby smart devices,” Carson said. “The good news is that Google reported the privacy incident and made an improvement to notify and alert the user when a recording have been made.”

Mohit Tiwari, co-founder and chief executive officer of data store and object security company Symmetry Systems Inc., took a more conciliatory tone, noting that “accidentally recording audio/video can stem from mundane errors, rather than malicious intent on Google’s behalf — they’ve probably too much more to lose from this kind of news than from eavesdropping. While it sounds dramatically bad, in most cases, the underlying cause is that integration-testing big software systems and putting production-time seatbelts on them is a very hard problem.”

More broadly, he added, there are several challenges to users’ privacy from smart-speaker systems. “Permissions on things like Android/iPhone are already very challenging — people just say yes to ‘do you want to give this wallpaper app access to SD card and internet?'” he said. “Things like accelerometer or air-pressure sensors can leak browsing history or location. And speakers add the additional layer that instead of a check-box, the input is a machine learning classifier which can err in unpredictable ways. So being able to precisely say ‘we will only listen to this dictionary of words and delete everything else’ is probably some ways away.”


No comments: