Welcome to The Week in Smart Home, our round-up of the week's stories you might have missed.
This week we've got the results of a new study that highlights one of the more worrying security and privacy scenarios we've seen to date, when it comes to smart speakers. We also have details on Nest's service outage and the impending (lack of) carnage and, best of all, a video of a parrot who loves Alexa.
Have a great weekend.
Voice squatters big risk for smart speaker security
Weâve heard a lot about the security and privacy concerns about smart speakers, but a new study detailed on ThreatPost has found what could be the biggest threat to date. Itâs called âvoice squattingâ and essentially picks up on the ambiguities of the way we use our voices for search.
The study set up bogus Alexa skills and Google Actions, hoovering up slight nuances in peopleâs commands. Instead of installing a skill by saying âAlexa, start Capital Oneâ (a banking skill), the team set up bogus skills installed by âAlexa, start Capital Wonâ or âis start Capital One Pleaseâ.
âWe registered five skills with Amazon and one with Google. All these skills passed the Amazon and Googleâs vetting process,â reads the whitepaper.
Once the user has installed the skill, the team were able to start controlling that device:
This involved âyielding control to another skill or service, yet continue to operate stealthily to impersonate these targets and get sensitive information from the user,â the paper continued.
The whitepaper also outlined a known attack called voice masquerading. This exploits how Alexa and Google Assistant can indefinitely keep a skill running, as long as itâs picking up audio. While that skill is running itâs allowed to record your conversations, as the background voices track Alexa/Assistants kill timings. Itâs a small window into how someone could turn a smart speaker into a fairly feasible recording device.
Nest goes down, nothing bad happened
It was red faces at Nest this week, as services experienced a three hour outage that rendered its smart home devices unresponsive. Much has been made of the outage, which lasted significantly longer than the SmartThings one earlier this year.
Yes, doors could no longer be remotely unlocked, cameras were offline and doorbells werenât sending video to smartphones â but to a certain extent it was a success. Most critical devices have fail safes, so locked doors remained locked (and openable with a key), and thermostats were still controllable manually. Itâs not great PR, but everything behaved the way it was supposed to â and service was quickly restored.
Google Home Max latency slashed
Google has slashed the latency of its Google Home Max speaker by a whopping 93%, opening up brand new use cases for the smart speaker. Anyone hooking their Max up for soundbar-type functionality would have been mightily disappointed by the lag between audio and video â but with latency slashed from 550 to 39 milliseconds. A victory for AV heads â and you can thank The Next Web.
HP all-in-one Alexa PC lands
Alexa is rolling out into Windows 10 â but the all new HP Envy Curved AiO all-in-one has built Amazonâs assistant into the hardware, and The Verge got some hands on time. The base of this swanky-looking has a blue light offering the usual visual feedback for engaging with Alexa, and has the voice assistant app pre-installed. Thereâs no detail on price or exact release date yet.
Parrot 4 Alexa 4eva
Itâs the ultimate âand finallyâ story â so we left it until last. Using voice assistants is so easy that even this parrot has got to grips with it. Buddy, the African Grey from Florida, has learned to turn the lights on and off â and seems quite affectionate to his voice assistant friend â he even tells Alexa âI love youâ at the end.