There is no doubt that the world is becoming connected, in more ways than one. A lot of this can be attributed to the growth of the various wireless technologies which have proliferated into our everyday lifestyles. However, the one device which has so far stood out the most when compared to the others is that of the Smartphone.
One of the latest tools to come out which has been designed to be a companion to the Smartphone is that of the “Virtual Personal Assistant.” This is primarily a mobile app which you can download onto your Smartphone, and after initializing it, you can ask it just about any kind or type of question, and it will find you the answer that you need in just a matter of a few seconds.
How is this possible? It is so through a combination of Neural Network technology, Machine Learning, and other various technological concepts which can learn from your behavior, and from there, provide an answer that is unique to your own circumstances.
The two most popular Virtual Personal Assistants that are being utilized today are that of Siri and Cortana.
These two can be considered as the “first generation” Virtual Personal Assistants (VPAs). There are many others which are going to come down the horizon, with much more sophistication being built into them.
One of the most significant features is that the VPA will be able to do just more than answer your questions on a myriad of subjects. Instead, the intent is that it will actually “automate” our lifestyle.
However, as with all things technological and mobile, the VPA has started to show signs of its Security weaknesses. These are both in the form of technical and non-technical based threats and risks.
As it has been reviewed, one of the most significant vulnerabilities is that of the recorded conversation. For example, there is great fear (and it is even a known fact) that Siri and Cortana actually record the conversations that they are having with you. These are then stored on servers which reside either Apple or Microsoft.
Our last article continued with the theme of other Security risks posed to and by the Virtual Personal Assistant, and these included the following:
- Confusion in the language of the Software Licensing Agreements by Microsoft and Apple;
- The use of Siri and Cortana with the Internet of Things (IoT);
- The risks that are associated with VPA Unfiltering;
- The unauthorized, remote access of either Siri or Cortana.
It is essential to keep in mind that trying to find the resolution to these major issues is still a very complicated task, with no clear answers yet. However, there a couple of technical issues to which there are some answers, which will be addressed in this article, as well as to what the future holds for the Virtual Personal Assistant.
Fixing Siri and Cortana
How to Change the Default Settings on Your iPhone:
It really does not matter what version of the iPhone or iPad that you currently have, Siri was designed by Apple in such a way that it can be used even when the passcode is not entered in. So yes, this means that Siri will be up and running the moment, you hit the “Home” button on your wireless device.
This has been a known Security risk, and Apple has even acknowledged this as well. However, their argument has been that in this regard, the end user’s want for convenience trumps that over for Security.
But just imagine the Security risks that are associated with this: Anybody can gain access to Siri no matter where your wireless device is physically located (for example, phone calls can be made, and even text and email messages can also be sent in a very covert fashion-in fact you will not even be aware that it has happened).
Once this occurs, it is entirely possible for a potential Cyber attacker to use this quite severe vulnerability and even to try to hack into the iPhone or iPad itself. What can be done to prevent this from happening in the first place? Sure, there is. Just follow these simple procedures:
- On your iPhone or iPad, first go to the “Settings,” click on the app.
Then, scroll to the “Touch ID” and press upon it. Both steps are illustrated below:
- Enter your new Passcode.
- Once you have done this, then scroll to the “Allow Access When Locked” portion.
Then, then tap Siri (or in other words, move the button to the left) so that Siri cannot be activated until you have unlocked your iPhone or iPad by entering in your new passcode. Both steps (#4 and #5) are illustrated below:
As we have reviewed in the past articles, Cortana is the Virtual Personal Assistant that is created and developed by Microsoft and has found its home on the Windows 10 Operating System. Because of the Security issues which have been found in the Windows 10 OS, the adoption rate of Cortana has dropped over time. In fact, it is viewed less favorably than Siri.
Ethical Hacking Training – Resources (InfoSec)
However, unlike Siri which can be disabled, Cortana cannot be disabled once it has been activated. Not only can this be a nuisance, but it can also prove to be a Security vulnerability as well. There is a way to disable Cortana, using the Registry Keys permanently.
However, keep in mind, this should only be done if you have an advanced knowledge of both using the and editing these keys. Any inadvertent deletion or even a typo could utterly corrupt the entire Windows 10 Operating System.
Navigate to this Registry Key:
- Now, click on the Windows Search Folder, and go to New > DWORD (the 32-Bit value).
- Name the new DWORD to “AllowCortana” and then set the value to 0.
- Log off and reboot your computer. Cortana should now be permanently disabled.
The Future of Siri and Cortana
The way that Siri and Cortana are being used on our iPhone and Windows Mobile devices is considered to be that of the first generation. Meaning, we can ask either of them a simple query, and for the most part, it will be answered in a way that will satisfy us.
However, as we have mentioned before, this is only the beginning. There is much more that is being planned, and it will come to the point that the predecessors to Siri and Cortana will become our support in both our professional and personal lives.
Here is what is planned:
1. Implementation of the Smart Home:
Of course, we have all heard of Smart just about everything, but how about a “Smart Home”? Just what is it exactly? It can be defined as follows:
“‘Smart Home’ is the term commonly used to define a residence that has appliances, lighting, heating, air conditioning, TVs, computers, entertainment audio & video systems, security, and camera systems that are capable of communicating with one another and can be controlled remotely by a time schedule, from any room in the home, as well as remotely from any location in the world by phone or internet.”
Essentially, this what this means is that every major item in your house which is controlled electronically can be turned on or off at your whim, using a centralized control panel. However, keep in mind, this requires direct intervention on your part. The idea of the Virtual Personal Assistant of the future is that it will make these decisions for you, based on your behavioral profile and other information/data that you submit to it. Probably one of the best examples of this is the “Amazon Echo.” It is a loudspeaker, and in it “lives” the Virtual Personal Assistant known as “Alexa.” The loudspeaker is located in a central position in your house and wired to all your electrical devices. You simply tell Alexa to turn on the TV, start the dishwasher, and even organize your personal schedule. There are a number of Security issues with the IoT, and as a result, could also affect the optimal functioning of Siri or Cortana given how intertwined these two will be with the IoT.
Some of these include the following:
More devices connected usually brings in more points of failure:
In the world of Security, one of the key mantras is to eliminate all the main points of failure as much as possible. In a relative sense, this can be a much more manageable task with a Network Infrastructure as opposed to the IoT. Keep in mind that with the latter, there are many more items that will be connected with one another other than just protecting a series of workstations and servers in a business environment. The result is that with all this interconnectedness with the IoT, it means that there will be that much more that a Cyber hacker can launch an attack into. Also, keep in mind that the average household probably cannot afford the same levels of Security mechanisms that a business or corporation can, thus making the IoT in this regard that much more vulnerable.
Many more software updates will be needed:
It is one thing just to have to install patches or software updates to a Central Server in a Network Infrastructure, as it is assumed that there will be a set of established procedures and protocols already set in place. However, keep in mind with the IoT, most if not all of the devices which are connected with another will need to have software upgrades and patches installed on them as well. However, at present, there are no clear procedures as to how these patches or software upgrades should be applied and implemented. Also, it is likely that many of them may not be completely tested to ensure that they do not have Security vulnerabilities themselves. As one can see, this part of the IoT remains extremely “murky” from a Security point of view, and as a result, poses, even more, the opportunity for the Cyber hacker to launch new, covert threats into this uncharted territory.
2. You will be having a much deeper and more intimate “relationship” with your Virtual Personal Assistant:
Whom is the first person that you go to to have a deep conversation or to talk about something extremely personal? Your significant other or your spouse, of course. However, in the future, this could all very well change. The VPAs of the future (including ViV) will be designed in such a way that they will become literally your “virtual spouse.” In other words, you will be able to have much longer conversations with it, lasting for hours on end, rather than just the simple few minute queries that you have Siri or Cortana today. For example, the futuristic VPA will help you to plan your next vacation, help you select your new doctor (even figure out which medical insurance policy is best for you), and even help you to decide your next career move. The Virtual Personal Assistant of the future will have a much more interactive interface than what Siri or Cortana possess today. Also, they will be much more proactive in learning about you. In other words, they will even initiate conversations with you if they “see” something in the external environment that may be of interest or of even of help to you in your daily tasks. Also, the language context of the conversation will be much more sophisticated, in that most of the nuances of it will be understood by the VPA. The bottom line is that it is anticipated the end user will have a very secure, trusting, private, and intimate relationship with their Virtual Personal Assistant-in a way that parallels the relationship with their significant other.
In summary, this article has examined two ways in which the Security vulnerabilities of both Siri and Cortana can be mitigated. With the former, this involves a few simple keystrokes so that it cannot be accessed without first entering your unique passcode.
Regarding the latter, at present, the only way to disable specific features of Cortana if they are deemed to be a Security threat is just to disable it all together. At present, this is the only solution. The best way to do this is to modify the Registry Keys, as described. However, this should only be done if you have advanced knowledge of the Windows Registry Keys.
The future trends of the Virtual Personal Assistant were also examined, and the standard denominator here is that it will have a relationship with us on all kinds of levels, never known before. As mentioned, it will become our Virtual “significant other.”
Our next couple of articles will continue to examine another area of wireless technology-the Virtual Wallet. This is a tool which allows you to make payment without any currency changing hands, or any credit cards being processed at the Point of Sale terminal.