
A Sleeping Alexa Can Listen for More Than Just Its Name - teklaperry
https://www.spectrum.ieee.org/view-from-the-valley/consumer-electronics/gadgets/beyond-the-super-bowl-a-sleeping-alexa-can-listen-for-more-than-just-her-name
======
paxy
According to the article, "can" = has the capability to.

Isn't that obvious though? Any internet connected device with a microphone has
the capability to always listen to what you say. Whether they choose to or not
is up to the manufacturer, and you're placing your trust in them. And it's
funny to me that people freak out about smart speakers when your cellphone is
within listening distance of you all the time.

~~~
woodrowbarlow
according to security principles, "can" = we must assume that it will or has
been, given the proper motivation.

the iphone has a low-power asic whose sole purpose is to listen for "hey siri"
with relaxed confidence intervals. the real voice processing isn't done until
the main cpu is woken by this asic. because of this, we can identify discrete
modes of operation in the iphone, one of which is incapable of doing arbitrary
"spying".

based on the article, it sounds like the alexa doesn't have this affordance.
while unsurprising in this case, i don't think we must accept that anything
with an internet-connected microphone has the capability to always listen to
what you say.

~~~
DSMan195276
I'm not sure the distinction is as notable as you're making it. The iPhone as
you describe it is perfectly capable of listening to everything you say, it
just has to never release control of the mic to the low-power ASIC.

I'm also not sure the article actually indicates what you're saying, it's
kind-of vague. For example, it never states that anybody was able to actually
program Alexa with a new wake-word, just the possibility of being able to
create different signatures that could be used as wake-words. And the
description of how they prevent things like the Super Bowl ad could all be done
_after_ Alexa detects the wake-word and wakes up the main processor, but before
Alexa actually responds to the user. I don't see anything in the article that
indicates Alexa can't be using a separate chip dedicated to listening to the
wake-word.

To that end, not too long ago a Reddit user claimed that Alexa _did_ have two
separate modes it operated in [0]. Which, it is entirely possible they could
be lying, but you could always just open the thing up and take a look. But
even if it does have a separate chip my previous point about the iPhone still
applies, so besides power-usage I don't think it is extremely notable.

[0] https://np.reddit.com/r/Showerthoughts/comments/7m91u9/if_google_devices_only_start_listening_once_you/drsdxe1/?sh=c90d0649&st=JBO70BSD

~~~
secabeen
The other angle is that were Alexa actually recording and sending voice data
frequently, it would show up in the traffic data. Unless they're smuggling
past recordings along piecemeal along with actual recordings, traffic analysis
would work.

~~~
Klathmon
Unless they are capable of doing the speech-to-text on-device, then the amount
of data is negligible.

Hell, if they were really crafty they could have it listen for a specific
phrase or word, then send back as little as a single byte signifying that it
was heard.

(I own an echo and a few Google homes, and I don't actually think this is
happening, but the idea is kind of fun to chase)

~~~
sitkack
> Unless they are capable of doing the speech-to-text on-device, then the
> amount of data is negligible.

What is the lowest bitrate codec and how does it compare to the plaintext
version?

~~~
Klathmon
Well considering text is literally hundreds of bytes, I can't imagine audio
would be able to keep up.

~~~
sitkack
Take a look at the BoE calc that someone else did in this thread, it might
shed some light on what is possible.
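
Added example, not part of the thread and not any commenter's code: a volume check of the kind secabeen describes, with Klathmon's caveat made measurable. The flow records, the wake window and the three payload rates are constructed assumptions; the code reports which encodings of room speech the idle upstream rate is too low to carry.

```python
# Added illustration. Flow records, wake windows and rates are constructed.
from dataclasses import dataclass

# Approximate payload rates in bits/s, used only for scale (assumptions):
RATES_BPS = {
    "opus_6kbps": 6000,        # lowest bitrate Opus supports
    "codec2_700bps": 700,      # lowest-rate Codec 2 mode
    "plain_text_150wpm": 120,  # 150 words/min * ~6 bytes/word, uncompressed
}

@dataclass
class Flow:
    ts: float      # seconds since capture start
    bytes_up: int  # bytes the device sent toward the internet

def idle_upstream_bps(flows, wake_windows, capture_seconds):
    """Average upstream bit rate outside known wake-word interactions."""
    def in_wake(ts):
        return any(start <= ts <= end for start, end in wake_windows)
    idle_bytes = sum(f.bytes_up for f in flows if not in_wake(f.ts))
    idle_seconds = capture_seconds - sum(end - start for start, end in wake_windows)
    return idle_bytes * 8 / idle_seconds

def ruled_out(idle_bps, speech_duty=1.0):
    """True where the idle rate is too low to carry that encoding of all
    speech in the room; speech_duty is the fraction of idle time with speech."""
    return {name: idle_bps < rate * speech_duty for name, rate in RATES_BPS.items()}

def constructed_capture():
    """One hour: a 300-byte keepalive every 60 s plus one real voice request."""
    flows = [Flow(ts=t, bytes_up=300) for t in range(0, 3600, 60)]
    flows.append(Flow(ts=1202, bytes_up=120_000))  # upload after the wake word
    return flows, [(1200, 1215)], 3600

if __name__ == "__main__":
    flows, windows, seconds = constructed_capture()
    bps = idle_upstream_bps(flows, windows, seconds)
    print(f"idle upstream: {bps:.1f} bit/s")
    for duty in (1.0, 0.25):
        print(duty, ruled_out(bps, duty))
```

On this constructed capture the idle rate is about 39.5 bit/s: continuous audio is ruled out at either duty cycle, but text of speech present a quarter of the time (30 bit/s) is not. Measured bytes include protocol overhead, so the idle rate is an upper bound on any hidden payload.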

------
WalterBright
Alexa should come with a physical switch on the top of it to turn the mike
on/off. Not a software switch. It should also have an LED that glows when the
mike is on.

If it had that, I'd buy one.

~~~
mars4rp
I just unplug it, and when I want to listen to music plug it in, problem
solved!

~~~
WalterBright
Putting it on a bus strip with a power switch is definitely Plan B, but it's
inconvenient.

My bluray player spends a lot of time fruitlessly searching for an internet
connection when I put a bluray in it, and eventually it gives up and just
plays the disk. I see no reason to connect it to the internet so it can spy on
me.

~~~
ygra
Don't Blu-ray players have to get updates sometimes or certain discs won't
play?

~~~
DiabloD3
Technically yes, but due to how first generation Bluray players will never
have updates to their DRM keysets, there have been extremely few discs that
chose to employ new keys.

This may become a thing for 4k Blurays (since all 4k Bluray players are long
since compliant with the over-the-internet key updating mechanism), but
unlikely because most manufacturers still refuse to update _anything_ after
warranty ends.

Ergo, the Bluray industry doesn't want to tie themselves to a model where
people have to buy new players every 3 years: people will just stop buying
discs instead.

The other OTHER side of this is: the disc is dead. Most people own very few
discs, only of their absolute favorite movies they want in a high quality copy
_or_ for the few people who are bothering with 4k content (since most people
still do not have enough internet to stream it); so why rock the boat, just
let the format play itself out.

~~~
WalterBright
The disc may be dead, but most of the movies I want to watch are available
from Netflix only with their disc service. I also borrow discs from the
library.

But you're right that I'll only buy a disc for a special movie.

------
crankylinuxuser
In the end, we don't know what Alexa is listening to.

If we do dead-listing style analysis with teardowns and eeprom dumps, it can
only tell us what it was listening to at that time.. and sometimes not even
that.

How do we know what [.0076162328 3.27617819 91817.111121123 -65.2129] is
listening to, especially when combined with complicated neural network
weights? We can only check and verify every possible input, and that's
effectively infeasible.

We chose not to buy these types of devices for our house, because of the great
deal of unknowns.

~~~
r00fus
That's my big concern as well. Hidden trigger phrases and self-incrimination
issues (i.e., valid trigger phrase + sending potentially incriminating speech)
- either separately (or worse, combined) are something I'd rather not worry
about in my own home.

~~~
djsumdog
I'm surprised we haven't seen any warrants from police/FBI that would require
wire tapping using one of these devices.

~~~
marnett
Not for wire tapping, but just in case you weren't aware, there was a case
where law enforcement wanted all recordings from an Alexa in a homicide
case[1]

[1] https://www.cnn.com/2017/03/07/tech/amazon-echo-alexa-bentonville-arkansas-murder-case/index.html

------
snowwolf
I've been thinking about this recently. I have multiple Echos in the house
with really good microphones, as well as smart smoke alarms with farsight[0]
which senses motion. This could be turned into a pretty sophisticated home
security system that could alert you when sleeping (wakes up the Echo in your
bedroom) or out (notify you via the app) when suspicious activity occurs -
like the window glass breaking example, or motion is detected when everyone
has gone to bed or is out of the house.

With machine learning/AI systems these could potentially be more accurate than
traditional home security systems.

[0] - https://nest.com/uk/support/article/What-is-Farsight

~~~
EADGBE
That page makes it seem like only the Thermostat has Farsight. You mention
smoke alarms.

I do know that my Nest Protects (smoke alarms) have motion detection though.
Very handy nightlight in the middle of the night. Though if tied into the sole
source of an alarm system I know it'd be a problem because my dogs can
activate the nightlights in the Protects.

Pets really make home security hard, I'd bet.

------
nfoz
I was in a small group of people having an intimate (private) conversation in
a church. Out of nowhere we were interrupted by a Windows computer sitting in
a cabinet, connected to the booming AV system: "I'm sorry, I didn't get that.
I'm sorry, I didn't catch that."

I hate these things.

~~~
JoshMnem
I'm still baffled why anyone would put those voice-activated devices in their
houses. Smartphones are bad enough, and I'm hoping to get rid of mine soon.

~~~
djsumdog
Same here. I told my roommate/landlord I'd be totally against an
Alexa/Google/Siri mic/speaker in the house. I see so many people in tech who
have them that it's scary.

I've thought about making my own open source version using something like
Jarvis.

~~~
themaninthedark
I have an interest in home automation and smart lighting but it looks like all
the current systems need to be hooked up to wifi/cloud to do anything.

Are there any systems out there that you can hook up via ethernet and hook up
to your own server?

Things like having bedroom lights change color temp on time of day. perhaps
stepper motor control of blinds. I really don't know why my lights need to be
hooked up to the cloud via wifi for things like that.

~~~
Klathmon
Look at home assistant as a hub. It's a fully open source python-3 based
system that runs happily on a raspberry pi. It has many ways of interfacing
with just about every device including local-only things like zwave, ZigBee,
or lutron.

They also have support for some wifi based things that are still local-only,
but I tend to treat them as hostile and firewall them off, and even then I
don't really like having them as they tend to be made by unknown manufacturers
and have pretty shitty first party apps.

------
hendersoon
My echos answer the TV all the time whenever they hear phonemes remotely
similar to Alexa like "electric". Amazon doesn't allow users to set their own
arbitrary wake words, which would fix the problem, and the only other two wake
words they allow, "Echo" and "Computer" are much more common than Alexa so
they're useless.

I also have a Google Home and it never, _ever_, answers by accident. "Hey
Google" doesn't sound like other phonemes. Simple as that.

~~~
outworlder
Have you gone through voice training? I have not had this problem after that.

~~~
hendersoon
Yep, doesn't fix it for me.

------
almiron10
I unplug it when I don't want to listen to music or put together a shopping
list.

Also, I wouldn't have one if it wasn't given as a gift. I can't believe these
are even for sale. They are clearly not ready for consumers. Nearly 90% of the
commands I try to give result in Alexa not knowing or misunderstanding. Why
should anyone pay to beta-test the product?

~~~
3pt14159
Security minded people should install more physical switches to outlets for
this type of thing.

~~~
codeulike
Wait, in the UK all outlets have to have physical switches. Is it not like
that in the US?

~~~
stordoff
Is that actually a requirement? I know it's the norm, but my house still has
plenty of unswitched outlets.

~~~
codeulike
In old houses some are unswitched, but modern ones are always switched I
think.

------
blacksmith_tb
I have been waiting for some kind of audio fingerprinting for security systems
for years. Though personally I'd prefer a training model which would also let
you teach the device other sounds (like "this beeping means the stove is on"),
I'd rather be able to set up notifications for those, but even having my phone
tell me "I heard breaking glass at home" is a start. Otherwise I don't see
much here that is new, presumably there's still no voice recognition on the
non-wake-word speech (it's just noticing there are people around, talking to
each other, or that you talk to yourself, your pet, etc).

------
daodedickinson
In the community I live in, we think people have gone insane by marketing or
technophilia if they allow one of these in their home and we are trying to
back away from cell phones.

~~~
wickawic
What community is this?

------
dynofuz
i think the article misses some details. from what i understand, here's how
alexa operates in the superbowl ad context:

- ad plays on tv

- alexa hears its name

- alexa sees that name contains the digital fingerprint

- (maybe alexa sends this to amzn servers so they know how many people r
watching the sb & have alexa on)

- alexa stops listening for additional commands

therefore alexa is still only listening for its name

~~~
dvfjsdhgfv
You missed a few points. In order for "alexa hears its name" to work, Alexa
needs to be able to hear sounds and actively process them.

~~~
wvenable
The echo has a separate processor that listens for the wake word; when it
hears the wake word it fires up the main processor to start doing the actual
audio processing. Some simple commands are processed directly on the Echo
without going to Amazon's servers but the rest are sent over the Internet to
be processed.

~~~
ajvpot
From my experience reverse engineering the first generation Echo, there was no
coprocessor. However, wake word detection was done offline. There was a
software controlled hardware switch to disconnect the microphone when it was
muted.

~~~
wvenable
I don't know how accurate this is but this is what I found on how the Echo works:

"

Echo is built on Texas Instruments DM3725 Digital Media Processor.

This TI SoC has two key pieces inside, first is ARM Cortex-A8 MPU, and the
second one is TMS320DM64x+ DSP. The ARM core should be running Linux and the
DSP is running firmware.

When idling, the ARM core is taken to lowest possible power state and Linux is
completely suspended. At this time the DSP and 64KB On-Chip RAM are active.
The DSP firmware processes noise coming in from the mics and attempts to
identify if a keyword (e.g., Alexa) is spoken. As soon as it identifies
there's a keyword, DSP sends an interrupt to wake up the ARM core which in
turn resumes Linux.

"

------
throwawazqq
https://s3-us-west-2.amazonaws.com/amazon.jobs-public-documents/1485anav.pdf

