Study suggests its quite easy to hack smart speakers

German security research consultancy Security Research Labs has dropped a security bomb on Amazon and Google, questioning the competence of security features and reviews.

As with all these revelations, the vulnerabilities were shared with the two companies prior to being made public. The hacks which have been discussed this week have now been addressed by Amazon and Google, though it does demonstrate the awareness consumers need to acquire should these devices maintain their presence in the living room.

“Alexa and Google Home are powerful, and often useful, listening devices in private environments,” the firm said in a blog entry.

“The privacy implications of an internet-connected microphone listening in to what you say are further reaching than previously understood. Users need to be more aware of the potential of malicious voice apps that abuse their smart speakers. Using a new voice app should be approached with a similar level of caution as installing a new app on your smartphone.”

Although there is no such thing as 100% secure anymore, the competency of Amazon and Google has been called into question here. Vulnerabilities are nothing new in the digital economy, though the simplicity of some of these hacks are a little bit embarrassing for the internet economy’s poster boys.

The first hack is quite remarkable in the sense it is so simple. Security Research Lab created an application using the normal means and even submitted the application for review by the Amazon and Google security teams. Once the application had been green lit, the team went back in and changed the functionality, which did not prompt a second review from either of the review teams.

In this example, Security Research Lab created a fake error message to replace the welcome message to make the user think the application had not started properly, for example ‘this application is not available in this country’. After forcing the speaker to remain silent for an extended period of time, another message is introduced requesting permission for a security update. During this second message, the user is prompted to change his/her password, which is then captured and sent back to the Security Research Lab.

It is often said the simplest ideas are usually the best, and this is the same in the hacking world. Phishing is one of the most simplistic means to hack an individuals account via email, and this approach from Security Research Lab is effectively a phishing campaign translated to the voice user interface.

Amazon or Google would of course never ask a user for their password in this manner, but we suspect there are many users who would simply go with the flow. According to a Symantec security report, 71.4% of targeted attacks involved the use of spear-phishing emails so the approach clearly works. And now it can be applied to the voice interface.

While losing your password is a worry, the second hack unveiled by Security Research Lab is a bit more nefarious.

Once again, the application designed for the smart speakers are altered after the review from the security teams at Amazon and Google, however it is to do with when the speakers actually stop listening to the user. By introducing a second ‘intent’ which is linked to a command for the smart speaker to halt all functionality, the session can be extended.

In short, the device continues to listen and record its surrounding, before sending the data back to the attacker. This is obviously a very simplistic explanation, for more detail we would suggest following this link to the Security Research Lab blog.

Both of these examples are remarkably simple to introduce as the security review function of both Amazon and Google looked to be nothing more than a box-ticking exercise. Changes are seemingly ignored once the application has been passed the first time, offering a lot of freedom to the hacker. Both Amazon and Google will now have introduced new processes to block such attacks and improve the security review system, though it does appear to be a massive oversight.

Aside from the inadequacies shown here by Amazon and Google, Security Research Lab is perhaps demonstrating some of the biggest dangers of the digital economy; a lack of awareness by the general public. Most people download apps without checking the security credentials or reputation of the developer, and the same assumption could be made for growing ecosystem for smart speakers.

Google launches a bunch of hardware

Internet giant Google has launched the latest version of its own smartphone, together with a bunch of other stuff, as it continues to expand its hardware offering.

The tagline for the Pixel 4 smartphone is that it’s the most helpful version yet. On the surface this is a reference to Google Assistant, which has been beefed up with even more AI power to ensure it knows what you want before you do, thus sparing you the pain and indignity of having to do things like choose, decide, think, etc.

On those rare occasions when the phone feels the need to consult its owner about their best interests, it’s further assisted by improved speech recognition, which is now largely processed locally. This feature also enables a new voice recorder app that will be able to transcribe in real time – very handy for lazy journalists.

Other than that the Pixel 4 seems to come with all the expected bells and whistles; an improved camera, better chips, etc. You can possibly find out a bit more in the first of the videos below, we’re not sure if the motion sensor will be more help or hinderance. It will ship globally on October 24, costing $799 for the regular one and $899 for one that’s a bit bigger.

On top of that Google also launched some new BlueTooth ear buds, a smart speaker called the Next Mini, a wifi router incorporating the Next Mini called Next Wifi and a new laptop called the Pixelbook Go. Goole has been generous with its YouTube videos for this launch so we’ll let them do the rest of the talking.

 

The battle for smart speaker market domination goes global

The latest smart speaker market data from Canalys shows significant gains from Chinese vendors and an international shift from the US giants.

The whole sector is on a bit of a tear, with unit shipments jumping 55% year-on-year, showing there is considerable appetite among the general population for totally surrendering the details of their lives to internet behemoths. Perhaps desensitized by their own government’s Orwellian levels of intrusiveness, the Chinese seem especially keen to embrace voluntary surveillance.

As a consequence shipments of the smart speakers made by Baidu, the Chinese equivalent of Google, exploded to 4.5 million in Q2 2019 from a standing start a year ago. China, with its population of 1.4 billion technophiles, can do that for you, but Baidu must be doing something even Alibaba and Xiaomi aren’t because it has overtaken both of them, as well as Google itself, to grab second place among global vendors.

canalys smart speaker q2 19 table

“Aggressive marketing and go-to-market campaigns built strong momentum for Baidu in China,” said Canalys Research Analyst Cynthia Chen. “The vendor stood out as a key driver of smart displays, to achieve 45% smart display product mix in its Q2 shipments. Local network operator’s interests on the device category soared recently. This bodes well for Baidu as it faces little competition in the smart display category, allowing the company to dominate in the operator channel.”

So it looks like standalone smart displays are lumped in with the speakers and that’s what Baidu is doing well. There’s little sign that the company will be honest enough to rebrand its smart displays from ‘Xiaodu’ to ‘Lao da ge’ but you never know. Rather worryingly for Google, the other reason it lost second spot is that its own shipments declined year-on-year.

“Amazon and Google are focused on growing their business outside the US,” said Canalys Senior Analyst Jason Low. “Google’s transition to the Nest branding while pivoting to smart displays proved to be a challenge, especially as it has begun rolling out its Nest Hub smart display globally. Google urgently requires a revamped non-display smart speaker portfolio to rekindle consumer interest, as well as a robust marketing strategy to build its Nest branding outside of the US.”

You can see evidence of this international pivot in the chart below, with at least half of Amazon and Google’s shipments now coming from outside the US, compared to more like a third a year ago. “Despite feeling upbeat about the market outlook, vendors are wary about the price sensitivity towards the relatively new category of smart displays,” said Low.

canalys smart speaker q2 19 chart

The smart speaker revolution isn’t quite here yet

A survey on voice assistant use in the US reveals the majority of consumers hardly ever use smart voice assistants and even when they do it’s on a smartphone.

The survey was conducted by digital commerce strategy firm Sumo Heavy. It chatted to around a thousand US punters to find out what their voice assistant habits are. The first thing it found was that 46% have never used  voice assistant and that 19% do so rarely, which probably means they did it once out of curiosity and concluded they didn’t fancy it.

sumo slide 1

So that means less than a third of US consumers use voice assistants with any regularity. Considering this sort of technology hit the mainstream when Siri was pre-integrated into the iPhone 4S back in 2011, it would be a stretch to say voice assistant adoption has exploded in the intervening 8 years.

The same could be said for smart speakers, which had their mainstream launch in 2014 with the launch of the first Amazon Echo. We have been led to believe they achieved near ubiquity in the subsequent 4-5 years but this survey begs to differ. By far the most common way of accessing voice assistants is smartphones, with smart speakers accounting for less than a fifth.

sumo slide 2

Unsurprisingly those people that do own smart speakers (Amazon is the clear market leader) use the voice assistant fairly frequently, with over half doing so at least once per week. Iphone users seem more into voice assistants than Android ones. Only 42% of regular voice assistant users ever buy stuff that way, but if they do it’s likely to domestic products or things like movie tickets.

Turns out real people sometimes hear what you say to smart speakers

The revelation that Amazon employs people to listen to voice recordings captured from its Echo devices has apparently surprised some people.

The scoop comes courtesy of Bloomberg and seems to have caught the public imagination, as it has been featured prominently by mainstream publications such as the Guardian and BBC News. Apparently Amazon employs thousands of people globally to help improve the voice recognition and general helpfulness of its smart speakers. That means they have to listen to real exchanges sometimes.

That’s it. Nothing more to see here folks. One extra bit of spice was added by the detail that sometimes workers use internal chatrooms to share funny audio files such as people singing in the shower. On a more serious note some of them reckon they’ve heard crimes being committed but were told it’s not their job to interfere.

Amazon sent Bloomberg a fairly generic response amounting to a justification of the necessity of human involvement in the AI and voice recognition process but stressing that nothing’s more important to it than privacy.

Bloomberg’s main issue seems to be that Amazon doesn’t make it explicit enough that another person may be able to listen into your private stuff through an Echo device. Surely anyone who knowingly installs and turns on a devices that is explicitly designed to listen to your voice at all times must be at least dimly aware that there may be someone else on the other end of the line, but even if they’re not it’s not obvious how explicit Amazon needs to be.

An underlying fact of life in the artificial intelligence era is that the development of AI relies on the input of as much ‘real life’ stuff as possible/ Only be experiencing loads of real interactions and scenarios can a machine learn to mimic them and participate in them. In case there is any remaining doubt, if you introduce a device into your house that is designed to listen at all times, that’s exactly what it will do.

Google investors slightly spooked by free-spending execs

Revenues might well be booming again at Google, but it seems shareholders are slightly concerned by increased costs, which is one of the fastest growing columns in the spreadsheet.

Looking at the final quarter, revenues stood at $39.3 billion, up 22% year-on-year, though traffic acquisition costs (TAC), what Google pays to make sure it is the dominant search engine across all platforms, operating systems and devices, were up by over $1 billion. Cost-per-click on Google properties were also down. A glimmering ray of sunshine was higher-than-expected seasonal growth for premium YouTube products and services.

Total revenues for 12 months ending December 31 stood at $136.8 billion, up 23% over 2017, while net income was back up to the levels which one would expect at Google, raking in $30.7 billion. The company is not growing as quickly as it used to, while expenses are starting to stack up. Investors clearly aren’t the happiest of bunnies as share price declined 3.1% in overnight trading.

“Operating expenses were $13.2 billion, up 27% year-over-year,” said Alphabet CFO Ruth Porat. “The biggest increase was in R&D expenses, with the larger driver being headcount growth, followed by the accrual of compensation expenses to reflect increases in the valuation of equity in certain Other Bets.

“Growth in Sales and marketing expenses reflect increases in sales and marketing headcount primarily for Cloud and Ads followed by advertising investments mainly in Search and the Assistant.”

Headcount by the end of the last period was up by more than 18,000 employees to 98,771. While CEO Sundar Pichai was keen to point out the business is continuing to invest in improving its core search product, diversification efforts into areas such as the smart speaker market, cloud and artificial intelligence are hitting home. Perhaps investors have forgotten what it’s like to search for the next big idea.

For years, Google plundering the bank accounts with little profit to offer. These days are a long-distant memory, but it is the same for every business which is targeting astronomical growth. You have to perfect the product and then scale. A dip in share price perhaps indicates shareholders have forgotten this concept, but Google is doing the right thing for everyone involved.

Some businesses search for differentiation and diversification when they have to, some do it because they have ambition to remain on top. Those who are searching because they have to are most likely reporting static or declining numbers each month and did not have the vision to see the good days would not last forever. Google is pumping cash into the next idea so when growth in its core business starts to flatten, something else can pick up the slack and pull the business towards more astronomical growth.

This is what is so remarkable about the ‘other bets’ column on the spreadsheets. It might have costs growth every single year, as does the wider R&D column, but having graduated the cloud computing business and most recently Loon, there are businesses which will start to contribute more than they are detracting. This is a company which never sits still, and this is why it is one of the most admired organizations from an entrepreneurial perspective. Shareholders might do well remembering this every now and then.

Looking at joy around the world for the final quarter, US revenues were $18.7 billion, up 21% year-over-year, while EMEA brought in $12.4 billion, up 20% and APAC accounted for $6.1 billion, up 29%. Revenues in LATAM were $2.2 billion, up 16% year-over-year. APAC and LATAM were subject to negative FX fluctuations, particularly in Australia, Brazil and Argentina.

In the specific business units, Google Sites revenues were $27 billion in the quarter, up 22%, with mobile collecting the lion’s share, though YouTube and Desktop contributing growth also. Cloud, Hardware and Play drove the growth in the ‘other’ revenues for Google, collecting $6.5 billion, up 31% year-over-year for the final quarter.

Although these diversification efforts are growing positively, there are also some risks to bear in mind. Firstly, the cloud computing business is losing pace with Microsoft and AWS. Google is making investments to attempt to buy its way through the chasm, but it will be tough going as both these businesses make positive steps forward also.

Secondly, some properties and developers are choosing to circumnavigate the Google Play Store, instead taking their titles direct to the consumer. This is only a minor segment of the pie for the moment and there will be a very small proportion of the total who actually have the footprint to do this (Fortnite for example), though it is a trend the team will want to keep an eye on. Perhaps the 30% commission Google charges developers will be reconsidered to stem dissenting ideas.

Finally, the data sharing economy which will sit behind the smart speaker and smart home ecosystem is facing a possible threat. Google will not make the desired billions from hardware sales, but it will from the operating systems and virtual assistant powering the devices. Collecting referral fees and connecting buyers with sellers is what Google does very well, though this business model might be under threat from new data protection and privacy regulations.

The final one is not just a challenge to the potential billions hidden between the cushions in the smart home’s virtual sofa, but the entire internet economy. GDPR complaints are currently being considered and potential consequences to how personal data is collected, processed and stored are already being considered. The Google lawyers will have to be on tip-top form to minimise the disruption to the business, and wider data sharing economy.

Costs might be up and while there are dark clouds on the horizon, Pichai and his executives are moving in the right direction. The lawyers can lesson the potential impact of regulation, but the exploration encouraged by the management team in the ‘other bets’ segment is what will fuel Google in the future. Costs should be controlled, but spending should also be encouraged.

Orange squares up to OTTs in battle for smart home

With it abundantly clear connectivity alone is not enough to meet the profitability ambitions of the telcos, Orange has made a fresh push to wrestle control of the smart home away from those greedy internet players.

As expected, the Orange and Deutsche Telekom partnership has flourished into a diversification venture. For Orange, the team will be launching the Djingo Speaker, while DT will be launching its own version branded the Magenta Speaker. These are fundamentally the same product, operated by the same AI, tailored for the individual markets.

New products should hardly come as a surprise, but this is the tip of the spear aimed directly at the useful ecosystem created by Amazon and Google in the smart home.

Originally the router might have appeared to be the logical focal point of the fabled smart home ecosystem, though inactivity from the telcos and aggressive deployment from the OTTs has seen this shift to the smart speaker. Orange’s Live Box will seemingly be the home of the connected services portfolio, though with the smart speaker the team now have an interface which is increasingly becoming normalised with the consumer.

The big question is whether Orange is able to demonstrate the value of itself as a provide to the customer, above and beyond what the OTTs can offer. And they are playing an interesting angle.

“The business model is based on the subscription charge,” said Stephane Ricard, Orange CEO. “We won’t squeeze your data to make money.”

With the world quickly turning against the data-sharing economy, thanks to governments gradually exposing the complicated nature of the data machine, this might be a useful statement to make. Orange will charge a subscription for the added value services, not use personal information as a commodity in the manner the OTTs are.

This is where Orange might find its first challenge. Less than one in four French citizens have a connected device today, aside from a smartphone, while only 10% make use of a digital assistant. The initial connected life services offered by Orange, linking up everything from connectivity to banking and entertainment, will be free, though monetization depends on luring customers to the more premium services, such as security.

This is one of the services which will be placed on top of the connected ecosystem created by Orange in the smart home. Working in partnership with Groupama, the Protected Home is a security solution which can be remotely managed by the user. There will be future joint ventures and solutions launched on top of the smart home ecosystem, but Orange needs to convince the user it is worth it in the first instance.

With low penetration of connected devices and virtual assistants, the French clearly aren’t that enthused by consumer IOT right now. Perhaps the Orange brand, a trusted and credible company in France, can change this image. Though whether it can compete toe-to-toe with the likes of Google and Amazon in developer power, remains to be seen. We doubt it, though perhaps the world does not need an overly complex virtual assistant right now.

Users don’t need a virtual assistant to restock fridges, or arrange meetings, they just a link to control the smart home. This is an area which the user is still getting used to, therefore perhaps its inability to create an overly-complex and super-intelligent virtual assistant will work in its favour?

Orange’s ambition is to be a multi-service vendor with connectivity acting as the bridge between various different services. The banking venture is now a year old, making steady progress, and the team will hope the same success can be replicated in the smart home segment.

Share price drops for both Amazon and Google after quarterlies

Despite reporting quarterly numbers most companies would kill for Amazon and Alphabet share prices dropped by 8.6% and 5% respectively due to investor disappointment.

More than anything else it shows the high demands of investors but also the confidence which is being placed in the internet giants. With Amazon reporting a revenue increase of 29% to $56.6 billion for the quarter, while Google parent company Alphabet reported $33.7 billion, up 21%, the expectations are certainly high.

Starting with Amazon, the revenue increase of 29% paled in comparison to the more than 10X lift in net income to $2.9 billion. While this would be a regular cash bonanza for most companies around the world, sales guidance between $66.5 billion and $72.5 billion for final quarter were lower than what the market wanted to hear. The more coy guidance for Amazon’s busiest quarter resulted in the 8.6% drop, after confidence during the day sent stock up 7%.

In Google’s HQ the story was slightly different. Revenues of $33.7 billion, up 21%, and net income of $9.1 billion, compared to $6.7 billion in 2017. Shares were down 5%, following a 4.4% rise across the day, after sales figures did not hit the expected heights. The last three months have been a tough period for investors to swallow with various scandals dropping share price by 8.8% over the last three months.

Of course, it wasn’t all bad news. The cloud unit for both businesses is continuing to rack up revenues with AWS up 45% to $6.7 billion across the quarter and Google’s other revenues segment, which features cloud up 29% to $4.6 billion. Encouragingly for both, Gartner estimates the worldwide public cloud services market is projected to grow 17% percent in 2019 to total $206.2 billion, up from $175.8 billion in 2018. IaaS is set to get the largest boost, forecast to grow 27.6% in 2019 to reach $39.5 billion. With so many businesses around the world citing a cloud-first approach, it’s amazing to think only 10% of workloads have been moved into the cloud.

The relatively new venture into the world of smart speakers and virtual assistants is proving to be a continued success story as well. For Amazon, the number of Alexa-compatible smart home devices has quintupled to more than 20,000 devices from 3,500, while the team have also started to launch new products such as a smart home security solution (Alexa Guard), and Alexa is expanding what it can give updates on as well, such sports with predictions, live streams, cooking instructions and maths homework. For Google. the Assistant has expanded to 20 languages and 76 countries, while the devices with screens will help YouTube business, which is attempting to blend in more direct response adverts as well as branding to its proposition.

There will of course be short-term wins for the pair in this space, but this is a long-term bet. Once the idea has been adopted by the mass market, the opportunities to make money through third-party relationships will be quite remarkable. Search revenues can be moved into the voice domain (effectively anywhere) and look how profitable search has been for Google. This is only one way to make money, but both Amazon and Google are putting themselves in a remarkably strong position for the future.

Both businesses might have suffered in the last 24 hours but they are still in incredibly dominant positions. The cloud units still have incredible growth potential, while the smart speaker ecosystem is starting to become a reality. For Google, the is delivering amazing profitability but sales growth does seem to be slowing slightly. Amazon is delivering on the North American market but the business is not as effective on the international scene, posting a loss of $385 million.

There are issues, but these are nothing compared to the billions being raked in and the growth potential in new, lucrative markets.

Google adds some Pixels

Internet giant Google ramped up its involvement in the consumer hardware space with the launch of new Pixel branded smartphones and tablets as well as a home hub.

The Pixel 3 and its XL variant offer both an industrial design and spec upgrade on their predecessors. Initial impressions indicate the redesign is well received and the spec upgrades are significant. There also seems to be more AI stuff going on, including a call screening functions that taps into Duplex technology to save you having to interact with a caller if you’re not sure about them.

Google debuted a new device category in the form of the Pixel Slate – a tablet running Chrome OS that seems to be positioned as a direct competitor to Microsoft’s Surface product range, with an emphasis on hybrid laptop functionality. Once more initial takes seem positive, especially about its attempt to be the best of both worlds, although the full range of requisite peripherals and accessories does make it an expensive proposition.

Lastly we have the Home Hub, which is an AI-driven smart speaker with a 7-inch screen that will compete with equivalent products from Amazon and Facebook. One big difference is that Google is making a virtue of it not having a camera installed in an apparent bid for people to take it into the bedroom or even the bog. There’s also a physical mute switch to prevent the device listening to you, which seems like a good say to allay fears about being spied on by Google, but does call into question what the point of the device is.

“Our goal with these new products, as always, is to create something that serves a purpose in people’s lives – products that are so useful they make people wonder how they ever lived without them,” said Rick Osterloh, VP of Hardware at Google. “The simple yet beautiful design of these new devices continue to bring the smarts of the technology to the forefront, while providing users with a bold piece of hardware.”

The Pixel 3 starts at £739, with the XL coming in at £869. The Slate starts at £549 without peripherals, while the Home Hub will set you back £139. Google has managed to throw down the gauntlet to the majority of the consumer tech world with one set of launches, which is fun, but time will tell whether any of them are able to claim significant market share. Here’s a vid.

 

Connected speakers could refresh smart home euphoria

Enthusiasm for connected devices is on the rise, but it’s taking the buzz away from smart appliances and the smart home category on the whole.

According to research from GfK, products which are geared towards improving connectivity and entertainment are gaining traction in the market, though this is replacing the appetite for smart home appliances which are geared towards efficiency and functionality.

“Take-up of smart home products in the UK continues to rise, with interactive speakers the hot product of the last year,” said Trevor Godman, Divisional Director at GfK. “In contrast however, the level of consumer excitement about smart home as a category has lost momentum somewhat – particularly for smart appliances and smart health products.  As smart home pivots to the mass market, it is essential that manufacturers look at what is holding consumers back and communicate compelling benefits that capture consumers’ imaginations.”

While Godman is taking a rather negative approach to the trends, we do not see it in the same light. The idea of the smart home, and various devices in the kitchen or around the house being connected and programmable is not a new idea. The smart fridge or connected light bulbs have been around for years without stimulating enough momentum for the segment to really take off. A creative spark was needed to engage consumers and offer an attractive proposition, unfortunately, smart energy readers do not offer this. Smart speakers and TVs do however.

For the mass market to embrace new ideas, there needs to be genuine excitement. Being able to switch the light in the living off with your smartphone might be functional and useful occasionally, but the smart speakers capture the imagination of the consumer. These are products consumers would actually want to buy, instead of a central heating system which reacts to the weather outside.

According to the research, the UK smart home market was worth £900 million in 2017, making it the second largest market in Europe. It has also become the fastest growing, increasing by 19% in value from 2016 and 35% by volume. There are now 336 brands offering 3,777 smart home products, while 85% of the UK’s online population now own at least one smart product, and the number owning four or more has grown from 35% last year to 44% this year. The fastest growing segment is smart speakers, though this does seem to be at the expense of other categories.

Manufacturers of smart cookers or connected mirrors might look at these statistics and worry, though GfK suggests consumers who plan to buy a smart device or appliance in the future have their sights set on a wide range of products. The smart home might have failed to deliver over the last couple of years, though the accessibility and entertainment value of smart speakers does seem to open up consumers to new purchases.

The purchase of smart home devices might not be growing across the board, but that isn’t necessarily awful for those who have their eyes on the long-game. Smart speakers are normalising the idea of the connected economy. Once the basic concept has been accepted by the mass market, the opportunity to sell becomes significantly easier as value is more readily realised and accessible.

Philips might preach about the benefits of a smart central heating system, but the frivolous purchases were needed to normalise the segment first. The smartphone ecosystem didn’t explode overnight, there were years of adoption as the touch user interface become second-nature, the same could be said here. Frivolous purchasing is needed before the connected bug can spread throughout the home.