My sisters google nest started playing somone elses voice and then started to talk about covid?

Hello everyone who is much smarter than me. I recieved a text this morning from my sister saying she was startled by her google nest randomly playing another mans voice for a minute and then he started talking abour covid. I know these devices are not very secure, however im unaware of any attack on a google nest that isnt done close to your house through a wifi router or the crazy stuff using lasers to input commands. Do any of you know what likely happened? Can you access a google nest speaker remotely easily? I just couldnt find a whole lot on there speakers actually being hacked or even having random stuff play from them. Any info will be appreciated. Im going to go over and talk to her about keeping her cameras on a second network that isnt connected to the outside internet. But im not sure what to do with the nest speakers as those need outside access to internet to work prpperly. Ill try to get her to stop using it but my family doesnt care about the prpblems these devices bring.

2 Likes

I don’t think Google/Amazon/Apple machines are supposed to play snippets of their victims to anyone except their staff, or the feds.

Iirc, they are not even supposed to share the clips with their business partners (but they probably already have her permission to do so under EULA)

So I think it is probably a bug, unless it is some random clip from an unexpected media source (an un-asked for podcast/YT vid/ news clip)

If it does not repeat, then intermittent bug is intermittent.

If the person wants to keep using the device, and understands that by design it must be always listening (it should not always be recording, but the old claim of “oh, the device must have heard what it thinks is a keyword” lie)

I would just recommend/suggest to unplug the device if the victim needs to ring their bank, or is about to engage in vigorous intimate relations. (Or any criminal planning…) The microphone could well hear through walls/doors.

Otherwise, I don’t think your sister should worry about a “one off” unexpected play back of someone else’s voice.

Unless it happens again

5 Likes

I was also thinking it was likely a bug but wanted to make sure i wasnt missing something. I talked about another person being connected to it and let her know that was a possibility. Reminded her to unplug it during sensitive conversation. And said let me know if it happens again. If it happens again i will investigate further at her house to see whats happening.
Thank you very much for the reply!

2 Likes

I’m just speculating.

She can contact Google, give a rough date/time, and ask them to investigate.

It should have a full internal log on their servers of everything recorded and played.

I presume the company would not actually give any useful feedback, if they even admit a small error/bug.

But, I have never interracted with such a device (as far as I know)

So is pure speculation from me, don’t take my tin-foil ramblings as anything other than paranoid speculation

3 Likes

I had a weird experience with my Nest.

I usually talk to myself sitting at my desk, and one night I got heated about something online so I started talking angerly to myself,

Then the Nest out of nowhere said

“Are you having a bad day?”

NOW I FUCKING AM THAT’S SOME CREEPY SHIT

and I know some words or phrases can sound like “hey google” and maybe I didn’t realize it started listening or was it really listening to me🤔

4 Likes

People have accents and use nest in their non-english or multi-lingual households, have TVs and phones making sounds and noises, and the ML model running on it is not very powerful and doesn’t bother to establish and kind of environmental baseline.

Assuming nest is linked to her account, does what happened show here: https://myactivity.google.com/ ?

4 Likes

You might need an exorcist

6 Likes

It sounds to me like maybe a prank on her? April fools was on Saturday. Maybe a friend that has access to the account sets a voice message to play when criteria are met. I do not know if this is a feature of that system or not it is a theory.

4 Likes

you could install network monitoring software like glasswire.
or do some forensics with wireshark.

as for the nest itself, sign into your google accounts and check through the data they keep on there end.

3 Likes
Summary

last night on wan show. linus blurted out that nest has a baked in password.
and google knew about it.
apparently it was found months ago. queried by a security researcher.
but google have said nothing or did nothing so he sent his findings to the doj. who themselves are now being stonewalled by google…

so yeah mate rip that shit out the wall.

EDIT
well im going deaf apparently… i went back and rewatched and its NEXX device not nest … :rofl:

2 Likes

Just listened to the wan show today and told her about the issue. I tried to talk to her about removing it but she is unwilling to give up the convenience it gives for her kid. Said to start trying to rethink what that convenience is truly worth but i doubt she will remove it. We will see lol. Thanks for all the replies everyone, cheers.

1 Like

Hey, ‘the seed has been planted’

2 Likes

Not sure how it works for Nest, but the Siri (and Alexa?) design has been to use local speech recognition for the activation phrase or word (“Hey Siri”, “Alexa”, etc.) and only when activated does it record and upload the question/query audio to a company server for voice recognition processing.

This is because the local/on-device speech recognition is still much worse than what the companies servers use. Which can explain why voice assistants might activate on a grossly misunderstood wake word, despite understanding everything else correctly.

I cannot find the original article I remember reading about unexpected activations, but here is something similar,

as in a few of those anecdotes, the Google page @risk mentioned should let you see a history of those server-side speech recognition recordings. However, according to,

this might not be available if you turn voice activities off,

[it] doesn’t stop Google storing your recordings, but it means they get kept with an anonymous identifier, and can’t be easily linked back to your account

1 Like

maybe its some faulty update or some other device requested info and server sent reply back to multiple devices.

No idea how it works.

Very weird and disturbing. like some wrong phone call type thing and it should be impossible.

2 Likes

Regardless of what the company says, can you truly believe them? They straight up bold-face lie all the time.

2 Likes

Did you know that the parents/caretakers do not own the kid and must always respect the kids privacy?
Article 8 of the HRC
Article 16 of the UNCRC
Learnt about this when I read an article about children suing their parents for inadequate privacy measures andor sharing private/personal details without consent.

And as long as it is not open source it will stay absolutely propriotery.

1 Like

Those two do not seem to be saying much specifically; could you provide information about the case in question?

I assume it would have to be something truly egregious, akin to abuse. It is not as if the government (in the UK presumably?) will keep parents from talking about or sharing pictures of their kids entirely, right?

In this case, it makes logical sense, it would generate suspicious network traffic that people would notice if it worked differently, and it is a sufficiently popular and interesting thing that I hackers to be poking at it with some regularity. For example:

So I see it as more belief in Okham’s Razor than what a company is saying.

1 Like

So what UNCRC means is that every child has rights and by article 16 of it the rights to their privacy. Article 8 of the Human Rights Convention stipulates further on privacy. Privacy and the right to ownership of personal data is by the Finnish Highest court sufficient enough to rule for the child if the child would sue the parents of in that case a video on youtube of the child. And as anything is as public as youtube these days of the social platforms, maybe not a private Instagram or Private Facebook page, But, it does not matter because the parents, without, getting the rights to upload/share the information would still be in the wrong. And because asking a child for their opinion is quite inconsiderate as they have not fully developed and comprehend the current world, they would not be able to give these parents permission until they would be 14-18. Depending on the country/region.

But this is going a bit off-topic now, I can write you the rest and send the article over message.

1 Like

@Figman - while playing with our youngest child in their room earlier this evening the music stopped and we suddenly heard a man’s voice… It sounded like an old-timey news broadcast and he was saying something about the coronavirus and the US. It was staticky- sounding, almost like when switching between two FM radio stations, his message seemed to be layered on an alternative version of itself. I asked google stop whatever it was doing, and after that point there was an odd 1-2 minute pause between songs that played

1 Like

I say “odd” because it was a not quite quiet silence. (I realize that doesn’t make sense, but the description will have to do until I think of a better way to describe it)

I get that things glitch and say or play random things at times, it was simply the specific content that struck me as odd this time. And this is that only area that I’ve found another person who heard it besides us earlier today.

1 Like