General security

Top 10 Threats from Unprotected Intelligent Personal Assistants (IPAs)

Ki Nang Yip
August 28, 2017 by
Ki Nang Yip

1.   Introduction

Intelligence personal assistants (IPA), also known as virtual personal assistant (VPA), is the rising star in the high technology industry. It is an intelligent software application that the user can inquire for information and make commands on their smartphone and other intelligent computing devices through natural language. Tasks such as searching information on the web, controlling a device remotely, looking for locations and addresses, scheduling an appointment, monitoring health data and medication schedule, as well as online shopping and financial transaction can be managed by IPAs.

The IPA market is recent and many developers are exploring opportunities to build an effective product. Several well-established companies have already introduced their IPAs to the market, for example, Apple’s Siri, Google’s Google Now, Amazon’s Alexa and Microsoft’s Cortana. They are all playing a significant role in shaping and shifting the user behavior in information searching and commanding. The IPA vendors are likely to focus on and pursue optimal user experience so as to be competitive in the market. Whatever makes the user feel comfortable and convenient to use their IPA will come first in the phase of user acquisition. Consequently, it is likely that both the vendors and users will neglect or compromise the security of using IPA in exchange for faster data exchange to get their answers of inquiries. Hence, the rapid development and advancement of IPA capabilities simultaneously generate security concerns. Although adopting IPA to manage our daily life and business is likely to be an unstoppable trend, it is indispensable to recognize the various security threats and vulnerabilities of IPA.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

2. The Top Ten Threats of Unprotected IPA

IPA is not immune to cyberattacks. Same as other software applications and hardware devices, it is crucial to be aware of the security concerns using IPA, in particular the possible consequences in case of hijacking. The following ten aspects demonstrate the threats of unprotected IPAs in various contexts.

2.1. Technical Threats of Bring Your Own Device (BYOD)

Nowadays, many companies allow their personnel to access to the company server or work with their personal devices. Companies can reduce the budget of hardware for personnel to save operation costs. Moreover, for businesses having 24/7 international operations and remote personnel, allowing the overseas co-workers to use their own devices to work is necessary for the companies to operate. In this context, the companies’ sensitive data is constantly exposed to unknown hardware and software security threats because the computing devices of the remote personnel might not be sufficiently secure. Most companies have a well-defined BYOD policy and security software to protect their digital assets. However, the popularization of IPA suggests one new security concern in the BYOD business environment. IPAs are always embedded in the devices and thus it might not be up to the remote employer or the user himself to switch it off. The IPA, especially when it is hijacked, can be constantly spying on and collecting information of the victim’s remote employer. This BYOD context can be the origin of a series of successive threats.

2.2. Eavesdropping

Hardware manufacturers and IPA developers declare that they do not spy on their user in their terms and conditions. This aspect is certainly regulated by laws. Nevertheless, it is still a hidden concern for the user that the voice recording/reception device may not be turned off when it is not in service. This scenario can be a product flaw, careless code bug or even an intentional backdoor for state intelligent service. Thus, to a certain extent, the IPAs may be running and collecting unceasingly the audio data of the user’s surroundings and conversations without the user’s acknowledgment. Furthermore, even though the IPA developer states that their collected voice data is uniquely for research and development purposes, there is always a risk for the database stored with this data to be hijacked by some malicious or unlawful person, so this research and development intention can be transformed to an eavesdropping tool.

2.3. Personal Information Exposure

Unlike other software applications, each of them with one specific task to manage, IPAs are multitasking, which means that they can crawl across different databases on the web and the user’s device to respond to the user inquiry. Such a capability is convenient yet threatening for the user at the same time. The security compromise of IPA will signify the compromises of all other services to which the IPA has access. For example, if the user uses the IPA to access to his bank account and make fund transfers, the IPA, its developer, and if unfortunately, the IPA hijacker will all learn the login details of the user’s bank information.

2.4. Data Theft

Same as text commands and search, audio recordings and IPA activity logs are valuable data registering the user activity. This information is stored on the device itself as well as one or multiple remote databases around the world. A compromised IPA can assist the hijacker to extract this data and exploit it to the fullest. The risk of data theft is at stake and it can lead to other security consequences, notably, identity theft and bio-authentication.

2.5. Voice/Audio Hijacking

IPA is a relatively new technology and many developers are still improving its voice recognition capabilities. However, despite that IPAs have witnessed significant enhancement in understanding the words and pronunciations of the user, little has progressed in distinguishing the voice between one user and the other. IPAs are good at interpreting the command structures and key words, whereas the ability to ensure the identity of the commanding person remains in question. This vulnerability arouses the command legitimacy problem. The IPA might execute the command based on the embedded algorithm without knowing the true identity of the commanding person. Furthermore, even though the IPA is capable of recognizing its legitimate user’s voice and ignoring the illegitimate ones, it is still possible to use recordings of the legitimate user’s voice to issue commands to the IPA.

2.6. Misinterpretation and Mis-execution of Commands

The weakness of not being able to distinguish the voice of the legitimate user evokes a further substantial problem. It can happen that the IPA is incapable of distinguishing jokes and real commands as it might not understand the attitude or the tone of the voice message. This problem can be intertwined with the aforementioned ones and led to undesired execution of commands. Imagine a friend of the user would jokingly tell the IPA to purchase ten pizzas. The IPA might follow suit.  This scenario is related to the physical security of the user’s device. It can cause considerable damages to the user if the pizza is replaced with ten fund transfers to another person’s bank account.

2.7. Autonomously Undertake Tasks

As discussed, IPAs are capable of accessing to multiple information sources and cross-referencing them within seconds to respond to the user’s inquiry. This capability can be scaring when the IPA has learnt the commanding patterns or the user has registered automated commands. For example, the user might allow his IPA to handle his monthly cell phone bill or do online shopping every week. Since the automated commands are connected to authorized payment, a hijacked IPA can change the buying list and delivery address or terminate the user’s automatic cell phone bill payment. The user might lose immediate control to stop outdated automated commands. As a result, his routine can be taken over by the hijacking party of his IPA.

2.8. Remote Malware Downloading

Following the previous rationale, insecure or breached IPAs can be instructed to visit certain malicious sites, bypassing device security restrictions so as to download and install malware on the device. It is true that this is a common security issue happening regularly on the desktop environment. Nonetheless, it is easier to spot and take immediate action to quarantine the contaminated areas when this security issue occurs on the monitor. The same security situation for a smartphone or other IPA enabled intelligent devices might be activated without the user’s presence or notice.

2.9. Risk Implications of Database Outsourcing

Securing the IPA on a personal level is no easy task. One step forward is to secure the supporting hardware beyond the façade of IPA. The power of IPA is ensured by large datacenters which can be located in different parts of the world. When it comes to the security of IPA and its data storage on the hardware, it is important not to neglect the voice commands are simultaneously stored on the ‘cloud’ and other remote datacenters. This situation implies that compromising another cloud-linked service of the user may enable a lateral compromise of his IPA dataset.

One further risk regarding the human/political aspect of this cloud and remote technical support background is that in case of a datacenter where a security breach happens in a foreign territory, it will evoke differences in privacy laws across continents. It is difficult to anticipate the employee ethics of a datacenter located in a foreign country and its impact on data security. Hence, it is possible that voice commands of public figures will be leaked and used maliciously.

2.10. Physical Security Concerns

IPA is not only used on smartphones, but also other intelligent devices. Many product concepts based on the Internet of Things (IoT) architecture are built with embedded IPA. The user’s physical security can be at stake in case the IPA is penetrated. One notable example can be the connected cars. New smart vehicles are built with advanced driver assistance systems (ADAS) enhancing the driving experience of the user. In case the ADAS cannot respond to commands like slow down, turn off the engine and lock/unlock the door, the driver’s life can be in danger. Similar situations can take place with IPA enabled systems such as smart home, smart building and smart restricted area management. Scenarios such as changing and erasing a voice command record as well as injecting malware through hijacking the IPA can block legitimate personnel to enter a building and allow access to illegitimate ones.

3. Conclusion

Indeed, IPA is an exceptional application of artificial intelligence and data science. It helps technology further approach people in a lively way. Nevertheless, its humane façade does not masquerade the fact that it is still a software program. IPA users and developers should be aware of the underlying risks and security considerations of IPA. Necessary cybersecurity measures are indispensable to prevent hijacking attempts. Otherwise, the intimate assistant, who knows everything about the user and has high security clearance to perform monetary tasks, can jeopardize its user without his notice. The consequences and costs could be colossal.

Please check out SecurityIQ, sign up for free, and start using our interactive AwareEd Security Awareness Modules to increase your online security savvy!

Ki Nang Yip
Ki Nang Yip

Ki Nang is a researcher in cybersecurity, industrial espionage and political science. He conducts his PhD research in Paris. He studies state-funded cyber-espionage, political impacts in cyberspace for corporate development, and new forms of cybercrime. In his spare time, he also follows cybersecurity and political issues in China, U.S. and Russia.