Overview
Explore the critical privacy concerns surrounding smart speakers in this HITB2018DXB conference talk. Delve into various case studies, including skill squatting attacks, eavesdropping skills, physical contact vulnerabilities, and hot mic issues. Examine the basic structure of smart speakers and understand why confidence in privacy protection is vital. Investigate the insufficient audit surface of these devices, covering network traffic monitoring, hardware bus analysis, and privacy indicator coupling. Learn about the power of user awareness and hardware solutions like the Macbook T2 Security Chip. Gain key takeaways on auditable and provable privacy measures for smart speakers, with a focus on hot mic duration and its implications.
Syllabus
Intro
Outline
Background
Motivation of Privacy Violations: SEC Filings
Case Study: Skill Squatting Attacks
Case Study: Eavesdropping Skills
Case Study: Physical Contact
Case Study: Hot Mic
Basic Structure of Smart Speaker
Summary for Hot Mic
Confidence is vital
Insufficient Audit Surface
Network Traffic Monitoring
Hardware Bus
Privacy Indicator Coupling
The Power of User Awareness
Macbook T2 Security Chip: Hardware mic disconnect
Key Takeaways
Hot Mic Duration
Taught by
Hack In The Box Security Conference