Project Alias hacks Amazon Echo and Google Home devices for privacy
More and more households around the world make use of voice controlled devices for all kinds of purposes. Once set up in a location, these devices may provide answers to questions, control certain devices, set up reminders, or do other tasks when interacted with.
Google Home or Amazon Alexa devices record these conversations; Amazon Alexa users may play previous conversions on Amazon websites. The devices are configured to record conversations only when users interact with them. The past has shown, however, that bugs or other issues may cause devices to record more than they should or unintentionally put recordings into the hands of others.
Project Alias is an open source solution that deals with the potential issue of voice controlled devices recording audio when they should not.
Basically, what it does is block the microphone of voice controlled devices so that they cannot record anything. It uses white noise to block audio from reaching the assistant.
The device reacts to an activation word or phrase of its own, and when users use the word, deactivates the blocking of the microphone.
Even better, the wake sound is trained locally on the device, there is no need to interact with the cloud for that.
Project Alias is not available as a retail product at the time. It needs to be build from scratch using a Raspberry Pi as the core. Instructions on building the device are available on the project's GitHub page and on Instructables.
The building requires access to a 3D Printer and soldering skills.
Closing Words
The "build yourself" nature of Project Alias limits the reach of the device significantly. Google Home or Amazon Echo device owners who want more privacy can use the device to block the microphone of the voice controlled devices by default.
Project Alias acts as a proxy and the device should appeal to privacy-conscious users who operate Amazon Echo or Google Home devices. It may look like an oxymoron to some, though.
Now You: Do you use voice controlled devices?
Unfortunately if you think you can actually live in a world without some device being able to spy on you whenever then you are living in a fantasy. Every single piece of new tech incorporates active listening devices into their make-up. From smart phones to smart TV’s they all actively listen and watch what you do. I guess you could live in the woods like a hermit and maybe avoid but if you even venture out into population you are being recorded on either camera or other people’s devices. I choose not to live in fear and embrace technology. The only reason I came to this site was to see if I could change the trigger word on my devices but I started reading the comments and felt I had to shed a little reality on this dark conspiracy theory filled area. LOL
The vast majority of the iot thingies are a solution in search of a problem. If there were no willfully lazy/ignorant people, would the market even exist?
But, that is just me (^_^)
“Do you use voice controlled devices?”
I do have a couple, but I do not (and never will) have any that require the use of someone else’s server.
Personally, I consider devices like Echo and Home to be foolhardy in the extreme, and I don’t understand even a little how people can be OK with their presence. But that’s their choice. Mine is to reduce the amount of spying I’m subjected to, not increase it.
“Do you use voice controlled devices?”
No, neither whatever IoT device, and have no intention of doing so. Hyper-connected 24/7/365 (even except February 29s) is not my world nor my dream.
@Tom Hawack & Anonymous dude
Well, I think it’s part of my fault to make this discussion a phone thing debate, but I’ve to say that both of your cases are too rare to make any more senses except for yourselves and, we also don’t have the right to decide how our friends and family members deal with their own voice controlled devices or other IoT gadgets. The fact is that there is even no need to use your phones to touch you at all (by an RFID tag implant in any of your personal belongings or big data analysis plus multimodal recognition based on your biological characteristics like your faces and different gaits you know). The only thing they need to do is just deploying their cameras with bunch of sensors for various types of telemetrics on all over the streets. Wanna access public services we provide? Please accept our ubiquitous social engineering attacks on you via our IoT facilities, otherwise how we can make sure you are not a threat to public security or, improve the quality of our services, provide more friendly user experiences, especially for the disabled, children and pregnant women? And those companies earn thousands of millions of dollars of profits by developing more precise surveillance technology and selling their equipments to national governments and individuals.
What I really what to express is that, I’m afraid and sorry that we may not have the right and freedom of not being used by an IoT device (or “you are unable not to use them all” if you like), no matter whether it is private of somebody or part of public utilities, consiously or unconsiously, directly or indirectly, unless when we were in the common part of our dream worlds.
In a civil society with individual liberty, we all approve that people should have freedom from fear. But cases have changed. We now have the freedom from fear of being bombed (at least for us ghackers talking here :-), but we may not have freedom from fear of being monitored and spied anytime, anywhere and anymore, even when we are alone in our homes in near future, which is kind of, you can say, interesting and excited some way you know.
https://www.scmp.com/news/china/science/article/2181749/chinese-technology-helping-new-york-police-keep-closer-eye-united
https://www.abc.net.au/news/2018-11-06/chinese-gait-recognition-tech-ids-people-by-how-they-walk/10469974
(of course the US of A and Five Eyes must be so love with it)
https://www.hongkongfp.com/2018/08/12/project-dazzling-snow-chinas-total-surveillance-experiment-set-expand-across-country/
“We now have the freedom from fear of being bombed”
I assume you mean terrorist bombings, not regular army bombings (by far deadlier when counting victims). Your safety in that matter has always been extremely high compared to the other small and large risks of life, the ones your politicians don’t want you to think about (as much). Such as ending homeless, or not being able to pay your hospital bills, or having to prostitute yourself, or being stabbed for money, or being beaten or shot by the police if you’re from certain places, or entering an army program that pays your studies and then being sent to die abroad in a military conflict.
I remember news for a single small bombing event that made a whole country so paralyzed with fear that millions of people were suddenly afraid to leave their home for the day. This demonstrates the level of totally irrational fear that western regimes are willing to instigate to manipulate populations.
Mass surveillance has nothing to do with bombing prevention. What makes terrorist bombings more likely is imperialist countries financing terrorism for their own purposes, starting wars everywhere, and having actually incentives for bombings to happen on their own soil once in a while to justify all their crimes against other peoples and their own.
Excuse me for correcting some of your statements. But you have to use a smart phone like everybody else, right? In many public mobile application scenarios, it is not “you use some of IoT devices” but them use your phones to touch you, which makes you almost unable to be offline completely or disconnected from tracking, not to mention cases in China. AFAIK, only two guys seem not using a phone, Stallman and Linus.
Personally I don’t use a smartphone. I have a dumb mobile phone that almost never leaves home ; even those allow position to be tracked and sold to anybody :
https://techcrunch.com/2019/01/09/us-cell-carriers-still-selling-your-location-data/
Not to mention that, more rarely, microphones may be hacked to record discussions. I have been a victim of such a targeted attack in my home, I’m not going to let that happen again everywhere I go by carrying a microphone with me all the time.
@Anonymous, “even those [mobile phones] allow position to be tracked and sold to anybody”
Well, what a surprise for me. I really thought cell phones were secure. For information your post is information, to me anyway. Maybe here in Europe do we have less to fear from cell carriers but I have no certitude, even less now.
A mad, mad, mad digital world. I’m really getting fed up.
@Anonymous, I’m back on this mobile phone privacy problematic.
We have to agree on terminology and read the techcrunch article you mentioned accordingly.
– Smartphone, we all know
– Mobile phone appears to include co-called feature phones and basic ones :
https://en.wikipedia.org/wiki/Mobile_phone#Feature_phone
“A feature phone has additional functions over and above a basic mobile phone which is only capable of voice calling and text messaging.”
I don’t know about you but what I use is a “basic mobile phone” and I’m not sure techcrunch’s article referred to those.
@Tom Hawack
There are different phone location tracking methods :
https://en.wikipedia.org/wiki/Mobile_phone_tracking
As far as I understand even the most basic mobile phone can be located by knowing which towers it connects to (and no need for a phone call for that). Then the smarter the phone is, the easier it is to locate it with accuracy, for instance by using GPS or recognizing neighboring wifi networks.
From another article linked in the previous one :
https://techcrunch.com/2018/05/17/locationsmart-didnt-just-sell-mobile-phone-locations-it-leaked-them/
“LocationSmart’s service appears to locate phones by which towers they have recently connected to, giving a location within seconds to as close as within a few hundred feet.”
“As far as I understand even the most basic mobile phone can be located by knowing which towers it connects to (and no need for a phone call for that).”
In the US, the law requires that the cell companies must be able to locate cell phones (all cell phones, not just feature or smart phones) with a fair degree of precision. This is intended for use by emergency services.
@gwacks, I entirely agree with you. The point is I don’t use any smartphone, only a mobile, mainly because the smartphone concept never pleased me (at home on PC, elsewhere direct link to life and people, otherwise I cannot enjoy music nor video on a few square inches) but also because, as you describe it perfectly, I dislike moving in life with a sticker on my back. As far as the mobile is concerned (phone & sms only) the number is shared only with close friends and I use it basically to call a taxi at 3 in the morning, like an emergency tool. I like taking my time for a walk, I’m lucky enough to be able to afford time gaps, wandering as I go to meet friends and not their digital extensions.
My digital reference is all in one pc, elsewhere I exist but for my friends and for myself.
Are “conversions” actually conversations?
Of course it’s an oxymoron. Someone who misunderstands the importance of privacy enough to tolerate such a spying device at home would never go through the pain of 3d printing and soldering to make a device like that.
I can’t believe they don’t let you change the code word on these things… one more reason to no get one.
Amazon supports changing the Wake Word: https://www.amazon.com/gp/help/customer/display.html?nodeId=201971890
The fact that somebody would be foolish enough to actually bring one of these devices in to their home in the first place suggests they have bigger issues with their judgement, than whether they seriously think the device isn’t continuously recording EVERYTHING going on in the room.
The assault on privacy is a serious business, but there’s no reason we can’t have a good laugh about it too. I’m reminded of this comic: https://xkcd.com/1807/
:)