Digital Voice Assistants: New Front in War on IoT Hackers

As the Internet of Things (IoT) permeates further into our lives, the potential for hackers to line their pockets or disrupt  critical infrastructure moves increasingly from theory to practice. For those IT and business leaders looking for more guidance, check out our CLOUDSEC conference next week, 5 September.

We’ve already seen Ukrainian power stations crippled by malware, connected car vulnerabilities reach crisis point and even smart baby monitors hacked. Voice assistants are the latest piece of the IoT ecosystem to come under scrutiny. A new Trend Micro infographic highlights the key privacy issues, vulnerabilities and attack scenarios which could affect smart home users. For those IT and business leaders looking for more guidance, check out our CLOUDSEC conference next week.

Digital glue for the smart home

Anyone who has read the OWASP’s IoT Security Guidance will know very well the numerous parts of the IoT ecosystem which could be vulnerable to attack. Depending on what systems we’re talking about, the threats could come today from financially motivated cybercrime gangs, state-sponsored spies. Or even the manufacturers themselves, who collect an increasing amount of personal data via our smart devices.

The likes of Amazon and Google are increasingly marketing their voice assistant technologies as digital gateway to the smart home. It makes complete sense, both from a business perspective and a usability point-of-view. Digital assistants can be the glue that holds the smart household together, making us happier and more productive at home.

But there are inevitably risks. Every IoT endpoint is a potential gateway to the home or corporate network, and as such could allow hackers to reach highly sensitive data. There’s also the potential for them to remotely control devices, to switch off security alarms and other systems. Or even to launch DDoS attacks on other targets.

Where are the threats?

As our latest research reveals, hackers could potentially bypass authentication to issue ‘malicious’ commands by impersonating a user’s voice, or even hiding commands in music or manufactured sounds. They could compromise such systems’ communications with the cloud via Man in the Middle and DNS poisoning attacks. Other areas potentially at risk include unsecured WLAN, or hardware protocols and vulnerabilities.

Not to mention the potential for manufacturers to store and share with third parties sensitive user voice patterns and behavior profiles that could be a goldmine for hackers.


For those concerned about the wider implications of IoT threats, Trend Micro’s popular CLOUDSEC conference is back in September. This one-day event will welcome world-renowned academics, law enforcers, security professionals and vendors. They will share best practice advice and provide crucial insight into where the next threats are coming from.

The IoT is one of the key areas of focus at the show. Pen Test Partners founder Ken Munro will demonstrate the potentially devastating impact of an IoT attack on critical infrastructure. Trend Micro’s VP of Security Research, Rik Ferguson, will propose an innovative model to raise the bar on IoT security.

With just a week to go, places are going fast. To reserve yours, get in touch today!

What: CLOUDSEC 2017
When: Tuesday 5 September
Where: Park Plaza Westminster Bridge, London

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.