BT issue 16 VF - Flipbook - Page 49
THE PRIVILEGE PROBLEM
Some smart devices can be taken out of the box and
immediately plugged in and used with default – and
therefore usually insecure – settings. Obviously I have
never been a huge fan of default privacy and security
settings on the majority of smart (or almost any other)
devices even after Amazon and a number of other
technology giants have been forced to improve their
settings in order to better protect users from intrusive
practices by manufacturers or third parties.
Now, people don’t normally realise how easily the
devices themselves could be used as spying tools by
anyone (more precisely, the device’s admin) with illicit
intent. (Obviously it’s not a security vulnerability if
an admin can enable it via a checkbox – take note of
Law #6 in Microsoft’s Ten Immutable Laws of Security:
“A computer is only as secure as the administrator is
trustworthy”.)
So, I set up my Echo Dot with a unique and strong
password and enabled two-factor authentication using
an authenticator app, and connected it to my phone.
I was also able to connect it to my iPad with ease and
I was relatively happy with the security. I then went
to “Devices” in the app and selected my “Echo Dot”
and “Settings”, then enabled “Communication”. I then
tapped on the “Drop In” feature to enable it. Then back
in the “Communicate” tab, all I had to do was select
“Drop In” and select my Echo Dot and I was able to
listen in to the room that it was in. Easy as pie. I even
logged off my home Wi-Fi and connected via 4G to prove
I could easily do this from another remote location too.
When you Drop In and listen in to a room, the device
light ring displays a spinning green light and it also
makes a small ring sound to make those in the room
aware of the Drop In. I was unable to Drop In with this
light and sound turned off, but an unsuspecting victim
might not hear it or simply think nothing of it. After all,
these devices tend to make lots of sounds and always
seem to have coloured light rings for some reason.
I also decided to check the device logs via my app,
but unfortunately there weren’t any logs or anything
to suggest I had “dropped in”, which makes forensic
evidence more difficult in such a situation. Logs in Echo
Dot devices are called “Activity”, but there’s no way to
record the use of the Drop In feature.
THE SPY IN YOUR SMART SPEAKER
Back to my friend now. When I asked her if there was a
chance her Echo Dot could have been used to listen in,
it seemed like she experienced a lightbulb moment. She
noted that her Alexa would often have coloured rings
spinning and she assumed the sounds were to do with
her self-claimed “deluge of Amazon purchases” and
other notifications.
She claimed that she simply thought that her Alexa was
listening for keywords, rather than allowing anyone
with her password to listen in on her. She immediately
felt uneasy, changed her password, and made her phone
the only device pairable with her Echo Dot.
Her device has not made any strange sounds or lit up
unintentionally since, and she says she now feels far
safer.
IS YOUR HOME BUGGED?
There are lots of listening devices on the market, but
those hiding in plain sight (and not normally thought
of as ‘listening bugs’) are often the most commonly
used. It goes without saying that we should be aware of
their capabilities if they are going to feature heavily in
our homes.
As a result, it is vital that people follow a few tips when
using smart technology to remain safe and secure:
• Always use strong and unique passwords
• Enable two-factor authentication
• Review the device’s settings
• Only connect to devices that you own access to
• Do thorough account maintenance – configure
  user permissions and disable or remove accounts
  if they’re not needed
• Change the password if you suspect someone has
  access to the account who shouldn’t
• Turn off the device or disable listening mode when
  having sensitive conversations
IPHONES AS LISTENING DEVICES
Lastly, aside from the perhaps more obvious devices
like smart speakers, did you know that Apple AirPods
can also be used as listening devices? Few people seem
to be aware that all that somebody has to do is turn
on an accessibility feature called Live Listen on their
iPhone and with AirPods in their ears, they can use the
phone, left in any room, as a listening device.
Who would suspect that an apparently “forgotten”
phone was actually a deliberately planted “bug”?
Stay safe!