
Saturday, February 9, 2019

Privacy anyone?

I found a project related to Amazon Echo or Google voice assistants that is interesting from some points of view.
This project is basically a "piggyback" contraption to be put on top of an Echo or Google device.
The gadget constantly sends noise to the "home assistant" until a specific word is said.
This is supposed to solve the alleged privacy problem.

The fear many people have is that the home assistant device (Alexa or Google) is always listening AND thus recording what people are saying in the room where the device is present.
So this contraption constantly sends noise to the device while listening for a specific word to wake it up, exactly as Alexa or Google do.
When the gadget hears its name (usually Alias), it wakes up the home assistant with the correct wake word (like Alexa or Google) and then stops sending noise to the device.
Then, once the home assistant has finished its answer and some delay has passed, the gadget starts sending noise again.
That is, if the home assistant remains silent for a specified amount of time, the gadget resumes sending noise.

This project made me want to understand the Amazon Alexa universe in more depth.
I discovered a very interesting reverse engineering analysis.
From it we learn that Echos are Android-based devices, that most of the traffic between an Echo and Amazon is encrypted using TLS 1.2, and that it is quite difficult to mount a man-in-the-middle attack, even by simulating a proxy.
Another analysis, done by other people, shows that there is traffic toward the Amazon server only when the home assistant is woken up.
This empirically shows that Alexa is not listening (aka sending data) to Amazon when it is not awake, and thus Project Alias should be quite useless.
An Echo device is not supposed to have enough memory to store everything that is said locally and retransmit it to the servers later.
Maybe more research should be done in this area; however, with the knowledge acquired so far, I would say that the gadget is kind of ... an overreaction.
It is surely fun to do, eventually.
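One way to check the "traffic only when awake" observation on your own network, as an added example (not from this post or from the analyses it mentions): since the traffic is TLS-encrypted, only its timing and size are visible, so the script correlates upstream byte counts with the times the wake word was spoken. The flow records, wake times, 30-second window and 2000-byte keep-alive threshold are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Flow:
    ts: float       # seconds since the capture started
    bytes_out: int  # bytes the assistant sent upstream in this interval


def unexplained_uploads(flows, wake_times, window=30.0, keepalive_max=2000):
    """Return flows above the keep-alive size that no wake event accounts for."""
    suspicious = []
    for f in flows:
        if f.bytes_out <= keepalive_max:
            continue  # small periodic traffic, treated as keep-alive (assumption)
        # A flow is explained if it starts within `window` seconds after a wake word.
        if not any(0 <= f.ts - w <= window for w in wake_times):
            suspicious.append(f)
    return suspicious


def summarize(flows, wake_times, **kw):
    """Total upstream bytes versus bytes sent outside any wake window."""
    bad = unexplained_uploads(flows, wake_times, **kw)
    return {
        "total_bytes": sum(f.bytes_out for f in flows),
        "unexplained_bytes": sum(f.bytes_out for f in bad),
        "unexplained_ts": [f.ts for f in bad],
    }


# Constructed sample capture: two wake words, and one large upload at t=250
# that no wake word explains (what a delayed re-transmission would look like).
WAKE_TIMES = [100.0, 400.0]
FLOWS = [
    Flow(10, 300), Flow(70, 320),         # idle keep-alives
    Flow(101, 48000), Flow(105, 52000),   # voice request after first wake
    Flow(130, 310),
    Flow(250, 64000),                     # large upload with no wake word
    Flow(401, 45000), Flow(500, 290),
]

if __name__ == "__main__":
    print(summarize(FLOWS, WAKE_TIMES))
```

A flagged burst is what a delayed upload of stored audio would look like from the outside; an empty result is consistent with the analysis cited above.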
