Study suggests its quite easy to hack smart speakers

German security research consultancy Security Research Labs has dropped a security bomb on Amazon and Google, questioning the competence of security features and reviews.

As with all these revelations, the vulnerabilities were shared with the two companies prior to being made public. The hacks which have been discussed this week have now been addressed by Amazon and Google, though it does demonstrate the awareness consumers need to acquire should these devices maintain their presence in the living room.

“Alexa and Google Home are powerful, and often useful, listening devices in private environments,” the firm said in a blog entry.

“The privacy implications of an internet-connected microphone listening in to what you say are further reaching than previously understood. Users need to be more aware of the potential of malicious voice apps that abuse their smart speakers. Using a new voice app should be approached with a similar level of caution as installing a new app on your smartphone.”

Although there is no such thing as 100% secure anymore, the competency of Amazon and Google has been called into question here. Vulnerabilities are nothing new in the digital economy, though the simplicity of some of these hacks are a little bit embarrassing for the internet economy’s poster boys.

The first hack is quite remarkable in the sense it is so simple. Security Research Lab created an application using the normal means and even submitted the application for review by the Amazon and Google security teams. Once the application had been green lit, the team went back in and changed the functionality, which did not prompt a second review from either of the review teams.

In this example, Security Research Lab created a fake error message to replace the welcome message to make the user think the application had not started properly, for example ‘this application is not available in this country’. After forcing the speaker to remain silent for an extended period of time, another message is introduced requesting permission for a security update. During this second message, the user is prompted to change his/her password, which is then captured and sent back to the Security Research Lab.

It is often said the simplest ideas are usually the best, and this is the same in the hacking world. Phishing is one of the most simplistic means to hack an individuals account via email, and this approach from Security Research Lab is effectively a phishing campaign translated to the voice user interface.

Amazon or Google would of course never ask a user for their password in this manner, but we suspect there are many users who would simply go with the flow. According to a Symantec security report, 71.4% of targeted attacks involved the use of spear-phishing emails so the approach clearly works. And now it can be applied to the voice interface.

While losing your password is a worry, the second hack unveiled by Security Research Lab is a bit more nefarious.

Once again, the application designed for the smart speakers are altered after the review from the security teams at Amazon and Google, however it is to do with when the speakers actually stop listening to the user. By introducing a second ‘intent’ which is linked to a command for the smart speaker to halt all functionality, the session can be extended.

In short, the device continues to listen and record its surrounding, before sending the data back to the attacker. This is obviously a very simplistic explanation, for more detail we would suggest following this link to the Security Research Lab blog.

Both of these examples are remarkably simple to introduce as the security review function of both Amazon and Google looked to be nothing more than a box-ticking exercise. Changes are seemingly ignored once the application has been passed the first time, offering a lot of freedom to the hacker. Both Amazon and Google will now have introduced new processes to block such attacks and improve the security review system, though it does appear to be a massive oversight.

Aside from the inadequacies shown here by Amazon and Google, Security Research Lab is perhaps demonstrating some of the biggest dangers of the digital economy; a lack of awareness by the general public. Most people download apps without checking the security credentials or reputation of the developer, and the same assumption could be made for growing ecosystem for smart speakers.

The connected home is a critical source of revenue for operators

Telecoms.com periodically invites third parties to share their views on the industry’s most pressing issues. In this piece Francesca Greane, Content Lead for Broadband World Forum reflects on the growing opportunity for operators and service providers in the connected home market.

New research from Ovum* recently indicated that the consumer market will remain by far the largest source of revenue for network operators ($1.14 trillion by 2023) and while Broadband will account for 72% of this revenue at $800 billion, growth will slow as markets mature. But revenue from digital services is expected to see significant growth.

Indeed, new market analysis reveals how how critical the connected home market is becoming – revenue from digital services such as TV, digital media and the smart home is set to reach $735 billion by 2023*

At this critical time, Broadband World Forum provides the connectivity community with a powerful space in which to learn, network and collaborate. Taking place from 15-17 October in Amsterdam, the event is supported by leading figures from the telco industry including BT, KPN, T-Mobile, NBN Australia, VEON, Altice Portugal and Hyperoptic among others. Senior representatives from leading regulatory bodies such as Ofcom, Anacom and BEREC will take to the stage alongside enterprise heavyweights such as BBC, Disney and Uber.

And, this year, this year BBWF will host a dedicated connected home track which will feature discussions with key operators such as BT, Liberty Global and Comcast, as well as innovative vendors and start-ups. Preceded by a Day 1 workshop on the same topic hosted by revered industry group, Broadband Forum and with keynotes from automotive leaders Renault and Uber, the importance of the connected home and connected industries for telco innovation is right at the heart of BBWF this year.

Julie Kunstler, Principal Analyst at Ovum, specialising in wireline/fixed broadband access, said: “While bandwidth demand is not slowing down among consumers, businesses, and cities, operators are adopting innovative strategies to become the winners in end-to-end applications and services. “Beyond the pipe” is permeating smart home, smart business, and smart city strategies. BBWF is the key conference and exhibition for learning about innovative operators and the ecosystem supporting this major transformation.” Julie will be chairing the keynotes at BBWF on 16th October.

Paul Palmer, Director of Business Development at F-Secure said, “Homes are becoming more reliant on their broadband connection every day, as the attacks against IoT devices grow both in number and intensity. Service providers can prepare for the future by securing the devices and appliances people rely upon most—driving increased loyalty from our customers. At BBWF, the industry’s leaders can turn vulnerabilities into opportunities.

In addition to thought leading content the event hosts a large exhibition which includes the Broadband Forum interop pavilion, two free content theatres hosting a start-up showcase and pitch off, as well as the full broadband ecosystem with key players including Nokia, Huawei, ADTRAN, Intel bringing their latest network tech and demos, as well as emerging start-ups looking to establish themselves in the industry.

BBWF attracts 4000+ attendees each year and 2019 is set to be bigger and better than ever, attracting attendees from 95 countries and every point in the broadband value chain.

Sandra Motley, President of Nokia’s Fixed Networks Business Group, said: “The Broadband World Forum is a premier event that gives operators from around the world access to the latest innovations they need for their network evolution journey. We’re excited to once again be a part of this influential event and look forward to sharing how innovations like intent-based automation can revolutionize the future of broadband access.”

*Ovum Smart Home Services Forecast Report 2018-2023

 

Want to be in Amsterdam with us? For free access to the exhibition hall, networking areas and 2 free content theatres, register for your visitor ticket here.  For full access to the 200+ speaker line up, 4 conference tracks and keynotes, you can book a delegate pass here.

BBC set to take on Google and Amazon in the digital assistant game

The BBC has announced it will challenge Google and Amazon in the digital assistant market, with its own version built to understand regional dialects.

Although it is still early days with many questions still to be answered, the working name for the digital assistant will be ‘Beeb’. What, we hear you say (and would you double dare to ask ‘what’ again?), but the state-funded entertainment service will attempt to prove its software engineering smarts match-up to that of Silicon Valley’s finest.

“Around one in five adults have a smart speaker in their home – and millions more have voice-activated devices in their pockets – so there is growing demand from people to access programmes and services with their voice,” a BBC spokesperson said.

“But people are concerned about how these devices use their data. Much like we did with BBC iPlayer, we want to make sure everyone can benefit from this new technology, and bring people exciting new content, programmes and services – in a trusted, easy-to-use way.  This marks another step in ensuring public service values can be protected in a voice-enabled future.”

The selling point of the voice assistant is an interesting one. While those on the other side of the pond might want to monetize data collected through digital assistants, the BBC has promised an experience “free of commercial interests”. That might sound attractive to those who do not trust the internet giants with their personal data, but first and foremost, the BBC has to create an offering which is as good, if not better.

The voice user interface is becoming increasingly popular with consumers around the world, though it is another way in which the trust with the consumer can be broken. Few might consider their voice a potential risk, though with banks and other sensitive services using voice for identification and authentication, it will certainly become one (assuming it isn’t already of course).

With the BBC brand viewed by many favourably around the world, this could be an interesting element. The press statement is already laying the concept of trust on thickly, and we suspect this will be an important tool for the communications team in the future. Especially considering Silicon Valley constantly seems to be shooting itself in the face.

Another interest element is the regional dialects of the UK. While we all might sound the same to those from outside the isles, the difference in regional accents is very apparent to a Brit. In offices around the UK, BBC employees will be asked to record a couple of minutes of audio footage to help the team train the digital assistant in the variances of the UK.

The world is changing, and changing very quickly, therefore there is a risk the BBC could be left in the analogue age. Linear TV is dying, and while there might be generations who are sticking with the traditional means of entertainment, it won’t be long before the gathering around the TV is a nostalgic memory.

The BBC iPlayer has proven to be very successful, and this is another way in which the BBC is proving its relevance in the digital economy. What remains to be seen is whether ‘Beeb’ can compete against the smarts and head-start Silicon Valley has.

China to lead the world on smart assistant adoption – Canalys

Canalys is forecasting China to be the biggest adopter of smart assistants by 2023, with an install base of 5.8 billion.

Though the US will claim to be the leader today, over the course of the next four years, Canalys forecasts a boom in China. The team suggests 5.8 billion devices will be installed across the country, twice as many as the total in the US.

“The growing Chinese middle class is relentlessly pursuing a higher standard of living, and smart appliances will play a major part in their vision of the ideal home,” said Canalys Research Analyst Cynthia Chen.

“Appliance makers Haier, TCL and Hisense are changing their strategies to capture the trend early. Even the retailer Suning and smartphone vendor Xiaomi are aiming to disrupt the market.”

This is perhaps where the consumer IOT and smart assistant segments will receive the greatest drive for momentum; adoption from traditional consumer electronics and appliance manufacturers. Companies like Google and Amazon can push new technologies to a degree, but consumer trust will be earned when traditional and credible brands in the consumer product space start integrating ‘intelligence’.

The idea of a smart assistant has almost been normalised, though usage is still incredibly limited. As consumers, we have not given up on the touch user interface, though as more assistants appear on air conditioning units, door locks and refrigerators, the more normalised the idea will become. And it seems the Chinese will be high up on the adoption list.

Canalys estimate each Chinese household will own an average of seven smart assistant-compatible home devices by 2023, with the large appliance category proving to be the biggest contributor to growth. However, smart phones will of course be the main device category for smart assistants in 2023.

“Chinese smartphone vendors, such as Huawei, Oppo and Vivo, are shifting their strategies to create IoT ecosystems with smart assistants, especially targeting homes with smart speakers and smart assistant-compatible devices,” said Canalys Senior Analyst Jason Low. “Having such devices work together seamlessly, especially across brands and platforms, to create new intuitive use-cases remains an industry-wide challenge for vendors around the world.”

Google is now leading the European smart home segment

The smart home is increasingly becoming normalised in the eyes of the consumer, and Google is leading the way in Europe.

According to IDC’s Quarterly Smart Home Device Tracker, the smart home segment is growing healthily though there doesn’t seem to be any one manufacturer dominating the space. Google is holding down the largest market share, thanks to its smart speaker products, though there are gains for a quite a variety of products.

“Google had a stellar quarter and was the clear winner in the first quarter, reaching an important milestone in Europe,” said Antonio Arantes of IDC. “Google continues to expand to new countries and support new native languages at a faster pace than Amazon. This is also contributing to strengthening its position in voice assistant platforms.

“Google Assistant was present in 49.2% of all smart speakers sold in Europe in the first quarter of 2019. Meanwhile, Amazon faced supply issues, with the Amazon Echo Dot being out of stock in some countries for several weeks, leaving space for Google Home products to grow.”

The indirect win for Google is perhaps the most important aspect of this momentum. One-off sales to consumers are all well and good, but another interface with consumers offers recurring revenues through third-party relationships and advertising opportunities. This is more in-line with the traditional business model for Google.

This is far from the end of the story however; smart speakers should still be considered a niche segment though growth is impressive. The smart home market is forecast to reach 107.8 million units in 2019, up 21% year-on-year, before hitting 183.9 million a year in 2023.

Looking at the winners across the smart home segment as a whole, it’s the traditional consumer electronics heavyweights who are winning (aside from the smart speaker segment):

Brand Shipments (in 000’s) Market share
Google 3575 16.8%
Samsung 2853 13.4%
Amazon 2810 13.2%
LG Electronics 2129 10%
Sony 1231 5.8%
Others 8670 40.8%

Looking at the segment growth, home entertainment products are the largest area collecting 55.4%, while smart speakers sit in second place with 21.4%. Lighting, home security and thermostats collectively accounted for 20.8% of the smart home market, with IDC predicting 27.11% CAGR between 2019 and 2023. By 2023, these products could account for an additional 9.5% market share.

LG muscles in on competitive AI chip space

LG has unveiled has developed its own artificial intelligence chip in an attempt to muscle in on this increasingly competitive segment of the semiconductor market.

The AI market is proving to be rewarding for those who can prove their worth, and each day there seems to be a new ‘thought leader’ entering the fray. While there is a feeling AI could benefit application developers (Uber, Cruise, Waymo etc.) and internet companies (Amazon, Google, Microsoft etc.) more than the semiconductor giants, there will be winners and losers in this segment also.

“Our AI C​hip is designed to provide optimized artificial intelligence solutions for future LG products,” said IP Park, CTO of LG Electronics. “This will further enhance the three key pillars of our artificial intelligence strategy – evolve, connect and open – and provide customers with an improved experience for a better life.”

Nvidia might have made a run at this segment in the early days, though considering its experience lies in gaming applications, whether it can mount a serious challenge remains to be seen. Graphcore is one which has attracted investment from the likes of Dell, Microsoft and Samsung, while AMD, Intel, Huawei, Google and Qualcomm (as well as numerous others) are making this a very competitive space.

As with Intel in the PC-era and Qualcomm’s continued dominance in mobile, some might suspect there might be a clear leader in AI also.

LG has stated its chip will feature its proprietary LG Neural Engine to better mimic the neural network of the human brain. The aim is to distinguish space, location, objects and users, while hoping to improve the capabilities of the device by detecting physical and chemical changes in the environment. As with every AI plug, LG is also promoting the ability of on-device processing power.

Looking at the approach from LG, the team are targeting quite a niche aspect of the AI segment; the smart home. This makes sense, as while LG has a smartphone business, the brand is perhaps primarily known for its home appliances range.

During the last earnings call, the LG mobile business continued to struggle in a sluggish and cut-throat market, reporting a 29% year-on-year drop to $1.34 billion, though the home appliance market soared. Revenues and profits soared to record levels, accounting for more than 80% of the total profits for the business over the three months.

Future products, such as washing machines, refrigerators, and air conditioners will be fitted with the devices, as ‘intelligence’ and personalisation become more common themes in more generic and everyday products.

Maybe the smart toilet isn’t that far away after all.

Amazon’s vigilante division Ring moves into crime reporting

Internet retail giant Amazon is making a big push into the neighbourhood watch world and now it even wants to report on local crime itself.

This is what is indicated by a recent Amazon job listing, which is looking for a News Managing Editor, who ‘will work on an exciting new opportunity within Ring to manage a team of news editors who deliver breaking crime news alerts to our neighbors.’ Ring, which makes connected doorbells with mounted video cameras, was acquired by Amazon for around a billion bucks last year.

Why would a smart doorbell outfit want to get into crime reporting? Good question, the answer for which seems to be found in the Neighbors by Ring app. This app essentially creates a local social network through which virtual curtain-twitchers can share footage of an undesirable types they’ve spotted lurking around their property through their sentient doorbells.

The idea is clearly an attempt to bring the concept of neighbourhood watch into the connected era, which is fine on the surface. After all, who wouldn’t want to know if there are dodgy people in their area? But as we’ve seen with regular social media, this does have the potential to create a self-reinforcing loop, with almost anything being potentially identifiable as a threat. And then there are the privacy and legal implications of sharing an image taken of someone without their permission and flagging them as a likely criminal.

Rather than seeking to minimise the possibility of this app whipping paranoid communities into a fervour of vigilantism, Amazon seems to think even more crime reporting is needed and is prepared to invest in it, hence this appointment. According to the job spec this person needs to have ‘a knack for engaging storytelling that packs a punch’.

The Neighbors by Ring app page paints a picture of a network of parochial snitches with the cops on speed dial, an Orwellian dynamic that’s sure to end well. The underlying strategic aim for Amazon seems to be to create as big an installed base of Ring doorbells as possible to drive demand for its nascent in-home delivery service. But it may inadvertently end up driving demand for handguns, snarling guard-dogs and panic rooms in the process.

 

Google wins first round in the battle for the living room

Smart speakers were only about developing a new dynamic in the relationship between the OTTs and the consumer, and Walmart’s new ‘Voice Order’ feature is a taste of things to come.

The new initiative from Walmart is perfect for the Google smart speaker ecosystem, as it plays to the strengths of the internet giant. By simply saying ‘Hey Google, talk to Walmart’ consumers will be able to use their voice to build shopping lists with the grocery mammoth, using any device which has the Google Assistant installed on it.

“With the new voice ordering capabilities we’re building across platforms with partners like Google, we’re helping customers simply say the word to have Walmart help them shop … literally,” said Tom Ward, SVP of Digital Operations at Walmart US.

Of course, the application will not be perfect to start with, but as with anything intelligence related it can be trained and personalised to each individual. At the beginning, users will have to specify what products to put into the cart, but soon enough the virtual assistant will remember these purchases. Saying ‘milk’ won’t put any brand or product into the cart, but the one you bought last time.

This is the futuristic world Silicon Valley had in mind when it started rolling smart speakers out to the world, and we imagine it won’t be too long before the innovation starts catching on.

Although some might suggest Google and Amazon have ambitions to disrupt the audio industry with the launch of their own smart speakers, this was most likely a ploy to drive user acceptance and demonstrate to the mainstream brands there is consumer appetite. If you actually look at the products which Google and Amazon have been championing, they would not compete with the calibre which could be manufactured by the likes of Bose or Bang & Olufsen, but it did start to get consumers using smart speakers.

Google and Amazon are the top-sellers of smart speakers across the world, with Amazon claiming to have now sold more than 100 million products, but the traditional audio giants are starting to release their own products. Sonos is releasing models, so is Samsung. But the traditional audio brands do not have the software smarts to create their own virtual assistants, this is where the likes of Google and Amazon come in.

Sooner or later, smart speakers will be the norm, with the internet giants battling for access to the consumer. A walled garden business model can be created, with the virtual assistant monetizing relationships between the consumer and a third-party. This creates a new dynamic between the consumer and Silicon Valley, offering more opportunities for the internet giants to sell to third-parties, and it looks like Google has won round one in the fight for control of the living room.

Walmart has said other assistants will be available to place orders before too long, but Google was selected as the first partner. This could mean one of two things. Firstly, Google nailed the partnership, commercial elements and technical issues to all for such a feature to be introduced. Then again, it could have paid for the right to be first.

Perhaps it should come as little surprise Google has won the first round here. While Amazon fortunes emerged from hosting an online marketplace and creating a dominant public cloud platform, this sort of feature is true to Google heritage. The Google dominance was created through software, intelligent algorithms and monetizing third-party relationships online. This is nothing more than an extension of this expertise onto a new user interface.

Whichever the case, it is largely irrelevant. Google is now ahead of Amazon when it comes to monetizing the voice user interface. This is a big step forward for the digital economy, and while it might be early days, it does give an indication of the futuristic world we are hurtling towards. With more ‘intelligent’ devices emerging, Google and Amazon could be set to become a lot more powerful and influential.

Plume hits the UK market

Mesh wifi specialist Plume has launched itself onto the UK market, brining with it a new service which aims to make consumer IOT more secure.

After success in the US market, eyes have been cast across the pond for Plume’s subscription service which it is describing as ‘adaptive wifi’. Not only does the company promise to improve wifi signal throughout the home, it is targeting security fears which may be arising due to more devices being connected to the internet.

“The ever-increasing demand for smart home performance coupled with the proliferation of IoT devices means connectivity and security are merging and must be addressed jointly and comprehensively,” said Fahri Diner, Plume’s CEO.

“Leveraging our scale as the operator of perhaps the largest software-defined-network in the world, our learnings gathered from a vast population of connected devices uniquely positions Plume to offer the most effective anomaly-based protection of IoT devices.”

Plume claims its software detects and monitors all connected devices around the home, learning patterns of normal device behaviour across a large population of similar devices, hoping to spot abnormalities in real time and immediately act to protect users. The power of this security feature does depend on scale, having enough data from similar devices to understand normal behaviour, but it does seem to be heading that direction.

The team is not only boasting of numerous ties ups with companies such as Comcast, Bell Canada, Liberty Global, and Samsung, but by open sourcing the device software middle layer the reach is extended further. As soon as an anomaly is detected in any of the devices on the network, it is immediately quarantined to prevent the risk of spreading the threat throughout the home’s network.

The product itself looks to be a useful innovation but priced at £99 for a starter hardware pack and £99 per year thereon, it might turn off increasingly cash conscious consumers. We suspect the direct-to-consumer model might not be the most successful but bagging a couple of telco partners could be an interesting play as a value-add.

Virgin Media gives some smarts to wifi

Virgin Media has unveiled a new, ‘intelligent’, router which it claims will bring faster speeds to more areas of the home.

With the telco world becoming increasingly utilitised, and advertising authorities rightly cracking down on the ‘creative’ marketing claims, new ideas will certainly be needed to capture the attention of the increasingly demanding consumers. And in fairness to Virgin Media, this is not a bad attempt.

“Delivering ultrafast broadband to help make Britain faster is what we do best at Virgin Media but making sure this translates into reliable in-home connectivity is just as important,” said Richard Sinclair, Executive Director of Connectivity at Virgin Media

“Intelligent WiFi will allow our customers to make the most of their broadband while also helping to easily overcome any connectivity conundrums around the home. With families using more devices than ever before, it’s vital they can all be online whenever needed. Whether it’s streaming UHD movies on Netflix, playing the latest games online or video conferencing, Intelligent WiFi has your back.”

Starting with the intelligence side of the router, should the software work the way it’s supposed to, this could prove to be a very interesting addition. Firstly, Channel Optimisation allows the router to choose the least congested channel to decrease the likelihood of traffic jams. Secondly, a Band Steering feature allows devices to switch between 2.4GHz or 5GHz frequency to optimise performance. Finally, Airtime Fairness suggests bandwidth will be allocated between devices depending on the demands of that device.

The term ‘intelligence’ is thrown around relatively flimsily nowadays, though should the performance of these features be at the desired level, this could prove to be a very useful product.

 

And while the ‘intelligence’ aspects are more likely to enthuse those consumers who are more geekily orientated, a new app to manage the wifi experience is answers a lot of the simple bugbears and first-world problems of connectivity.

One example is sharing wifi passwords. It might not seem like a revolutionary idea but being able to log into the app and simply send the wifi password to a friend or guest will save customers from the inevitable digging around behind the TV. This is not necessarily a feature which will win customers for Virgin Media, but enough of these little quirky features will improve the customer experience and loyalty.

Another area which the app addresses is ubiquitous connectivity. Being connectivity everywhere and all-the-time is a necessity nowadays, though consumers are becoming increasingly cash conscious. Through the app, Virgin Media customers can now connect to any Virgin Media wifi hotspots, of which there are 3.5 million around the UK.

Most importantly for Virgin Media, this take the brand outside of the customers home, and allows the company to support customers through the entire day. This is Virgin Media adding value into the customer’s lives, going beyond the assumed perimeters of a home broadband provider.

“UK consumers have an insatiable appetite for data across a wide range of devices that will continue to grow over time,” said Paolo Pescatore of PP Foresight. “As well faster download speeds, consumers want a better and reliable connection in all parts of their home. This is starting to be a highly sought after service among users.”

BT has been playing in this market for some time, which offers Virgin Media a blueprint for success. Patchy performance and an irritating log-in process perhaps gave the BT wifi play a bad name, though progress has been made across the public wifi space in recent years. Hopefully Virgin Media will have learned these lessons.

With connectivity increasingly heading towards the dreaded limitations of utility, it is becoming increasingly important for telcos to prove they can add value to other aspects of the customers life. This is certainly an interesting play from Virgin Media and should the features work, Virgin Media goes some way in proving it is more than just a utility.