How Google is trying to protect you and your Nest speakers from being hijacked

Stay updated on Telegram with latest updates from Google Home/Assistant Google Assistant ecosystem.

The Google Assistant is built to keep your information private, safe and secure while helping make your life a little easier. Learn how the Google Assistant works to protect your privacy. Nest’s commitments to privacy and security. Google is looking to prevent “audio attacks” that involve ill-intentioned actors issuing false commands to your smart home system.

Devices like Google Nest/Home speakers are “capable of receiving, processing, and executing voice commands,” “In some instances, voice commands are preceded by hotwords.” And while it’s useful for you to simply say, “Hey Google,” the ease of use also makes these devices particularly susceptible to attacks. Google, has found a way to prevent this from happening.

Per the patent, the method in question seems to work a bit like two-factor authentication, whereby logging into one account requires you to verify your identity by entering a passcode sent to a different account. Similarly, in the new patent, Google suggests a system in which a speaker first receives a message indicating that an improper voice command has been detected by one device. Then, the system would determine a user account associated with this device, and find a second device associated with the same account. Finally, the system would send a message to the second device, either asking for verification of the original command or alerting the user that something strange is afoot.

“By monitoring its own audio output, a device can guard against fraudulently issued voice commands,” Google noted. “When a falsified voice command is detected, the model blocks the standard processing of voice commands to avoid execution of the fraudulent command.”

It is not entirely clear how or when this model will be implemented — even though Google has now patented the idea. But as concerns around internet-connected devices and their vulnerabilities grow, it certainly seems that such a system will soon be absolutely necessary.

Stay updated on Google News with the latest updates from Google Home/Assistant ecosystem.

Two years ago Nest shared our commitments to privacy to give you a better understanding of how our products work in your home. Today, we’re publishing new security commitments and putting it all in one place: Nest’s new Safety Center. The Safety Center is meant to give you a clear picture of the work Google is doing to build trustworthy products and create a safer and more helpful home.

Security commitments include standards Google has long held as well as updates that are specific to Nest’s connected home devices and services. Finally, we want to acknowledge the way this technology is evolving — for example, our recent announcements on Matter and our work on Project Connected Home over IP ). That’s why we’ve updated a small section in our privacy commitments to better reflect our focus on openness. Here are the details:

  1. Google will validate Nest devices using an independent security standard. Google Nest connected smart home devices introduced in 2019 or later are now validated using third-party, industry-recognized security standards, like those developed by the Internet of Secure Things Alliance (ioXt). And they publish the validation results so you can see how these products hold up according to those standards. Before launching new products, Google will assess them against these standards to make sure they’re meeting or exceeding them.
  2. Investment in security research to keep raising standards. Google Nest participates in the Google vulnerability reward program. This provides monetary rewards for security researchers outside of Google who test their products and tell the Nest Security team about any vulnerabilities they find. This helps the Nest Security team learn about and get ahead of vulnerabilities, keeping Nest devices in your home more secure for the long run.
  3. Google helps protect your account security as the first step in safety. Your Google Account is your way into your Nest devices, and Google takes account security seriously. That’s why they help you keep your Google Account secure with tools and automatic protections like suspicious activity detectionSecurity Checkup and two-step verification.
  4. Issues critical bug fixes and patches for at least five years after launch. Google works hard to respond to the ever-changing technology and security landscape by building many lines of defense, including providing automatic software security updates that address critical issues known to Google Nest.
  5. Google Nest uses verified boot to protect your devices. All devices introduced in 2019 and after use verified boot, which checks that the device is running the right software every time it restarts. This helps make sure that no one has access to your account or control of your devices without your permission.
  6. Visibility into which devices are connected to your account. All the devices that you’re signed in to will show up in your Google Account device activity page. That way, you can make sure your account is connected only to the devices it should be.

Interested in learning more about the Google Assistant Google Assistant and Smart Home? Subscribe to WAV newsletter via Email.

A helpful home is a safe home, and Nest’s new safety center is part of making sure Nest products help take care of the people in your life and the world around you.


Things you can do from here:

3 thoughts on “How Google is trying to protect you and your Nest speakers from being hijacked

Add yours


  1. What I want from my Google home is to only allow voices from authorized users. just like my phone. If some random person walks up and says on Google it should just ignore them. it blew my mind how this wasn’t just standard.

    Like


  2. Beimg able to configure the assistant to not trigger when random sounds that are NOT the trigger phrases happen in the background would help more. The stupid thing keeps beeping and ducking the level of the instrumental music I’m playing .

    Like

Share your view

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Up ↑

%d bloggers like this: