United States: Are Your Company’s Smartphones Vulnerable To Voice Deception?

More and more smartphone users talk to their smartphones to draft and send email and text messages, get directions, and search the Internet.  Apple has Siri, Google has Google Now.  Apps like utter! promise to bring voice command functionality to sites like Facebook.

What's the risk?  The BBC recently reported that voice-activated smartphones and other devices can pose a significant security risk.  An expert at a security firm found that some voice-activated systems responded just as well to fake voices as they did to the voice of their owner.  The expert was able to use a synthesized voice to turn on and control a smart TV.  Even more significantly for employers, voice-activated functions on Apple and Android smartphones were also vulnerable to deception using a synthesized voice.  The expert was able to send a fake message using an Android smartphone, telling everyone in the device's contacts that a company was going out of business.

The problem lies in the fact that devices do not ask for authentication of the voice giving the commands.  Until voice activation technology requires some authentication of the source of the voice, companies should think long and hard about whether they permit employees to password or forward data using voice-activation technology.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.