22 matches found
A Framework to Prevent Biometric Data Leakage in the Immersive Technologies Domain
Doubtlessly, immersive technologies have the potential to ease people's lives and uplift the economy; however, the obvious data privacy risks cannot be ignored. For example, a participant wears a 3D headset device which detects the participant's head motion to track the pose of the participant's head to match...
Air fryers are the latest surveillance threat you didn’t consider
Consumer group Which? has warned shoppers to be selective when it comes to buying smart air fryers from Xiaomi, Cosori, and Aigostar. We've learned to expect that “smart” appliances come with privacy risks—toothbrushes aside—but I really hadn’t given my air fryer any thought. Now things are about...
Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now!
Apple has released security updates for many of its products in order to patch several vulnerabilities that could allow an attacker to steal sensitive information from a locked device. Included in the patches for Apple Watch, iOS, and iPadOS are four vulnerabilities in Siri. While your device is...
Hacking Alexa through Alexa’s Speech
An Alexa can respond to voice commands it issues. This can be exploited: The attack works by using the device's speaker to issue voice commands. As long as the speech contains the device wake word (usually "Alexa" or "Echo") followed by a permissible command, the Echo will carry it out, researchers...
CVE-2021-40043
The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4H100SP13C00. The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerabili...
CVE-2021-40043
The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4H100SP13C00. The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerabili...
Command injection
The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4H100SP13C00. The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerabili...
Input validation
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill in the case of remote attackers or by pairing a malicious Bluetooth device in the case of physically proximate attackers, aka...
Amazon Echo Dot security vulnerability
The Amazon Echo Dot is a voice-activated speaker from Amazon.com. It can be used to play music, control smart home devices, make calls, answer questions, set timers and alarms, and more using Alexa. The Amazon Echo Dot 3rd and 4th generation has a security vulnerability that stems from improper...
Binary vulnerability in Xiaomi's Xiaoxia MINI smart speaker
Xiaomi Xiao Ai MINI Smart Speaker is a smart speaker product from Xiaomi Technology Company. Xiaomi Xiao-ai MINI Smart Speaker has a binary vulnerability that can be exploited by an attacker to allow the target speaker to receive voice commands...
What’s the real value—and danger—of smart assistants?
You've heard them called virtual assistants, digital personal assistants, voice assistants, or smart assistants. Operated by artificial intelligence, technologies such as Siri, Alexa, Google Assistant, and Cortana have become ubiquitous in our culture. But what exactly do they do? And how serious...
‘Voice-Squatting’ Turns Alexa, Google Home into Silent Spies
A team of academic researchers has tested the phonetic wherewithal of smart-home assistants Amazon Alexa and Google Home, finding it possible to closely mimic legitimate voice commands in order to carry out nefarious actions. The researchers, a composite team from Indiana University in Bloomingto...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Hackers Can Silently Control Siri, Alexa & Other Voice Assistants Using Ultrasound
What if your smartphone starts making calls, sending text messages, and browsing malicious websites on the Internet itself without even asking you? This is not imagination, as hackers can make this possible using your smartphone's personal assistant like Siri or Google Now. A team of security...
Google to Introduce New Photo-Sharing Platform to Kill Instagram
Google is reportedly going to launch a new online photo-sharing service and storage option at its developer conference later this month, which Bloomberg says, will not be a part of its Google+ social network. At the moment, Google offers a photo sharing service known as "Google+ Photos," which...
Android new attack: Google Voice Search attack-vulnerability warning-the black bar safety net
Researchers at the Chinese University of Hong Kong, in a paper (PDF) posted on a preprint website, describe a novel permission-bypass attack method: the Google Voice Search attack. An attacker can leverage a zero-permissions Android app, VoicEmployer, front activation operating system built-in voice...
Samsung Galaxy S3 screenlock bypass
Voice commands are available in locked state...
Hardware based malware steals contacts from all mobile platforms using only the Audio Jack!
Indian security researcher Atul Alex presented his surprise paper at the International Malware Conference, MalCon, on what can be termed the onset of the next generation of hardware-based malware that can target mobile devices irrespective of platform. Typically, one of the largest challenges for...
CVE-2012-0645
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient...
Design/Logic Flaw
A certain ActiveX control in sapi.dll aka the Speech API in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sou...