How Google is trying to protect you and your Nest speakers from being hijacked

Stay updated on Telegram with latest updates from Google Home/Assistant  ecosystem.

The Google Assistant is built to keep your information private, safe and secure while helping make your life a little easier. Learn how the Google Assistant works to protect your privacy. Nest’s commitments to privacy and security. Google is looking to prevent “audio attacks” that involve ill-intentioned actors issuing false commands to your smart home system.

Devices like Google Nest/Home speakers are “capable of receiving, processing, and executing voice commands,” “In some instances, voice commands are preceded by hotwords.” And while it’s useful for you to simply say, “Hey Google,” the ease of use also makes these devices particularly susceptible to attacks. Google, has found a way to prevent this from happening.

Per the patent, the method in question seems to work a bit like two-factor authentication, whereby logging into one account requires you to verify your identity by entering a passcode sent to a different account. Similarly, in the new patent, Google suggests a system in which a speaker first receives a message indicating that an improper voice command has been detected by one device. Then, the system would determine a user account associated with this device, and find a second device associated with the same account. Finally, the system would send a message to the second device, either asking for verification of the original command or alerting the user that something strange is afoot.

“By monitoring its own audio output, a device can guard against fraudulently issued voice commands,” Google noted. “When a falsified voice command is detected, the model blocks the standard processing of voice commands to avoid execution of the fraudulent command.”

It is not entirely clear how or when this model will be implemented — even though Google has now patented the idea. But as concerns around internet-connected devices and their vulnerabilities grow, it certainly seems that such a system will soon be absolutely necessary.

Stay updated on Google News with the latest updates from Google Home/Assistant ecosystem.

Two years ago Nest shared our commitments to privacy to give you a better understanding of how our products work in your home. Today, we’re publishing new security commitments and putting it all in one place: Nest’s new Safety Center. The Safety Center is meant to give you a clear picture of the work Google is doing to build trustworthy products and create a safer and more helpful home.

Security commitments include standards Google has long held as well as updates that are specific to Nest’s connected home devices and services. Finally, we want to acknowledge the way this technology is evolving — for example, our recent announcements on Matter and our work on Project Connected Home over IP ). That’s why we’ve updated a small section in our privacy commitments to better reflect our focus on openness. Here are the details:

1. Google will validate Nest devices using an independent security standard. Google Nest connected smart home devices introduced in 2019 or later are now validated using third-party, industry-recognized security standards, like those developed by the Internet of Secure Things Alliance (ioXt). And they publish the validation results so you can see how these products hold up according to those standards. Before launching new products, Google will assess them against these standards to make sure they’re meeting or exceeding them.
2. Investment in security research to keep raising standards. Google Nest participates in the Google vulnerability reward program. This provides monetary rewards for security researchers outside of Google who test their products and tell the Nest Security team about any vulnerabilities they find. This helps the Nest Security team learn about and get ahead of vulnerabilities, keeping Nest devices in your home more secure for the long run.
3. Google helps protect your account security as the first step in safety. Your Google Account is your way into your Nest devices, and Google takes account security seriously. That’s why they help you keep your Google Account secure with tools and automatic protections like suspicious activity detection, Security Checkup and two-step verification.
4. Issues critical bug fixes and patches for at least five years after launch. Google works hard to respond to the ever-changing technology and security landscape by building many lines of defense, including providing automatic software security updates that address critical issues known to Google Nest.
5. Google Nest uses verified boot to protect your devices. All devices introduced in 2019 and after use verified boot, which checks that the device is running the right software every time it restarts. This helps make sure that no one has access to your account or control of your devices without your permission.
6. Visibility into which devices are connected to your account. All the devices that you’re signed in to will show up in your Google Account device activity page. That way, you can make sure your account is connected only to the devices it should be.

Interested in learning more about the Google Assistant  and Smart Home? Subscribe to WAV newsletter via Email.

A helpful home is a safe home, and Nest’s new safety center is part of making sure Nest products help take care of the people in your life and the world around you.