It’s 2018, just about everyone has a Smart device of some kind. The most popular of which Smart devices include Siri, Alexa or Google’s Assistant. Well, according to a story from New York Times, a group of research students from the University of California, Berkeley, and Georgetown University have recently demonstrated how they can embed malicious code into Music. The music, playing over radio or even YouTube, can send commands to your Smart device. These commands can be enabling airplane mode, opening a website, purchasing something online, etc.

This month, some of those Berkeley researchers published a research paper that went further, saying they could embed commands directly into recordings of music or spoken text. So while a human listener hears someone talking or an orchestra playing, Amazon’s Echo speaker might hear an instruction to add something to your shopping list.

“We wanted to see if we could make it even more stealthy,” said Nicholas Carlini, a fifth-year Ph.D. student in computer security at U.C. Berkeley and one of the paper’s authors.

Mr. Carlini added that while there was no evidence that these techniques have left the lab, it may only be a matter of time before someone starts exploiting them. “My assumption is that the malicious people already employ people to do what I do,” he said..

Thew story by the New York Post goes on to mention steps that Apple, Amazon and Google are taking to improve Security on their Smart devices:

Amazon said that it doesn’t disclose specific security measures, but it has taken steps to ensure its Echo smart speaker is secure. Google said security is an ongoing focus and that its Assistant has features to mitigate undetectable audio commands. Both companies’ assistants employ voice recognition technology to prevent devices from acting on certain commands unless they recognize the user’s voice.

Apple said its smart speaker, HomePod, is designed to prevent commands from doing things like unlocking doors, and it noted that iPhones and iPads must be unlocked before Siri will act on commands that access sensitive data or open apps and websites, among other measures.

Carlini said, ““We want to demonstrate that it’s possible and then hope that other people will say, ‘O.K. this is possible, now let’s try and fix it.'”

For now, you may want to keep your Smart device locked if its not in use. Which was already a good idea anyway.

The post Malicious Smart Device Code Embedded In Music appeared first on Rec0deD:88.