Hello everyone who is much smarter than me. I recieved a text this morning from my sister saying she was startled by her google nest randomly playing another mans voice for a minute and then he started talking abour covid. I know these devices are not very secure, however im unaware of any attack on a google nest that isnt done close to your house through a wifi router or the crazy stuff using lasers to input commands. Do any of you know what likely happened? Can you access a google nest speaker remotely easily? I just couldnt find a whole lot on there speakers actually being hacked or even having random stuff play from them. Any info will be appreciated. Im going to go over and talk to her about keeping her cameras on a second network that isnt connected to the outside internet. But im not sure what to do with the nest speakers as those need outside access to internet to work prpperly. Ill try to get her to stop using it but my family doesnt care about the prpblems these devices bring.
I donât think Google/Amazon/Apple machines are supposed to play snippets of their victims to anyone except their staff, or the feds.
Iirc, they are not even supposed to share the clips with their business partners (but they probably already have her permission to do so under EULA)
So I think it is probably a bug, unless it is some random clip from an unexpected media source (an un-asked for podcast/YT vid/ news clip)
If it does not repeat, then intermittent bug is intermittent.
If the person wants to keep using the device, and understands that by design it must be always listening (it should not always be recording, but the old claim of âoh, the device must have heard what it thinks is a keywordâ lie)
I would just recommend/suggest to unplug the device if the victim needs to ring their bank, or is about to engage in vigorous intimate relations. (Or any criminal planningâŚ) The microphone could well hear through walls/doors.
Otherwise, I donât think your sister should worry about a âone offâ unexpected play back of someone elseâs voice.
Unless it happens again
I was also thinking it was likely a bug but wanted to make sure i wasnt missing something. I talked about another person being connected to it and let her know that was a possibility. Reminded her to unplug it during sensitive conversation. And said let me know if it happens again. If it happens again i will investigate further at her house to see whats happening.
Thank you very much for the reply!
Iâm just speculating.
She can contact Google, give a rough date/time, and ask them to investigate.
It should have a full internal log on their servers of everything recorded and played.
I presume the company would not actually give any useful feedback, if they even admit a small error/bug.
But, I have never interracted with such a device (as far as I know)
So is pure speculation from me, donât take my tin-foil ramblings as anything other than paranoid speculation
I had a weird experience with my Nest.
I usually talk to myself sitting at my desk, and one night I got heated about something online so I started talking angerly to myself,
Then the Nest out of nowhere said
âAre you having a bad day?â
NOW I FUCKING AM THATâS SOME CREEPY SHIT
and I know some words or phrases can sound like âhey googleâ and maybe I didnât realize it started listening or was it really listening to međ¤
People have accents and use nest in their non-english or multi-lingual households, have TVs and phones making sounds and noises, and the ML model running on it is not very powerful and doesnât bother to establish and kind of environmental baseline.
Assuming nest is linked to her account, does what happened show here: https://myactivity.google.com/ ?
You might need an exorcist
It sounds to me like maybe a prank on her? April fools was on Saturday. Maybe a friend that has access to the account sets a voice message to play when criteria are met. I do not know if this is a feature of that system or not it is a theory.
you could install network monitoring software like glasswire.
or do some forensics with wireshark.
as for the nest itself, sign into your google accounts and check through the data they keep on there end.
Summary
last night on wan show. linus blurted out that nest has a baked in password.
and google knew about it.
apparently it was found months ago. queried by a security researcher.
but google have said nothing or did nothing so he sent his findings to the doj. who themselves are now being stonewalled by googleâŚ
so yeah mate rip that shit out the wall.
EDIT
well im going deaf apparently⌠i went back and rewatched and its NEXX device not nest ⌠
Just listened to the wan show today and told her about the issue. I tried to talk to her about removing it but she is unwilling to give up the convenience it gives for her kid. Said to start trying to rethink what that convenience is truly worth but i doubt she will remove it. We will see lol. Thanks for all the replies everyone, cheers.
Hey, âthe seed has been plantedâ
Not sure how it works for Nest, but the Siri (and Alexa?) design has been to use local speech recognition for the activation phrase or word (âHey Siriâ, âAlexaâ, etc.) and only when activated does it record and upload the question/query audio to a company server for voice recognition processing.
This is because the local/on-device speech recognition is still much worse than what the companies servers use. Which can explain why voice assistants might activate on a grossly misunderstood wake word, despite understanding everything else correctly.
I cannot find the original article I remember reading about unexpected activations, but here is something similar,
as in a few of those anecdotes, the Google page @risk mentioned should let you see a history of those server-side speech recognition recordings. However, according to,
this might not be available if you turn voice activities off,
[it] doesnât stop Google storing your recordings, but it means they get kept with an anonymous identifier, and canât be easily linked back to your account
maybe its some faulty update or some other device requested info and server sent reply back to multiple devices.
No idea how it works.
Very weird and disturbing. like some wrong phone call type thing and it should be impossible.
Regardless of what the company says, can you truly believe them? They straight up bold-face lie all the time.
Did you know that the parents/caretakers do not own the kid and must always respect the kids privacy?
Article 8 of the HRC
Article 16 of the UNCRC
Learnt about this when I read an article about children suing their parents for inadequate privacy measures andor sharing private/personal details without consent.
And as long as it is not open source it will stay absolutely propriotery.
Those two do not seem to be saying much specifically; could you provide information about the case in question?
I assume it would have to be something truly egregious, akin to abuse. It is not as if the government (in the UK presumably?) will keep parents from talking about or sharing pictures of their kids entirely, right?
In this case, it makes logical sense, it would generate suspicious network traffic that people would notice if it worked differently, and it is a sufficiently popular and interesting thing that I hackers to be poking at it with some regularity. For example:
So I see it as more belief in Okhamâs Razor than what a company is saying.
So what UNCRC means is that every child has rights and by article 16 of it the rights to their privacy. Article 8 of the Human Rights Convention stipulates further on privacy. Privacy and the right to ownership of personal data is by the Finnish Highest court sufficient enough to rule for the child if the child would sue the parents of in that case a video on youtube of the child. And as anything is as public as youtube these days of the social platforms, maybe not a private Instagram or Private Facebook page, But, it does not matter because the parents, without, getting the rights to upload/share the information would still be in the wrong. And because asking a child for their opinion is quite inconsiderate as they have not fully developed and comprehend the current world, they would not be able to give these parents permission until they would be 14-18. Depending on the country/region.
But this is going a bit off-topic now, I can write you the rest and send the article over message.
@Figman - while playing with our youngest child in their room earlier this evening the music stopped and we suddenly heard a manâs voice⌠It sounded like an old-timey news broadcast and he was saying something about the coronavirus and the US. It was staticky- sounding, almost like when switching between two FM radio stations, his message seemed to be layered on an alternative version of itself. I asked google stop whatever it was doing, and after that point there was an odd 1-2 minute pause between songs that played
I say âoddâ because it was a not quite quiet silence. (I realize that doesnât make sense, but the description will have to do until I think of a better way to describe it)
I get that things glitch and say or play random things at times, it was simply the specific content that struck me as odd this time. And this is that only area that Iâve found another person who heard it besides us earlier today.