{"id":14637,"date":"2017-04-13T11:36:24","date_gmt":"2017-04-13T15:36:24","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=14637"},"modified":"2019-11-15T06:48:32","modified_gmt":"2019-11-15T11:48:32","slug":"burger-king-hacks-google-home","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/burger-king-hacks-google-home\/14637\/","title":{"rendered":"Burger King takes over Google Home"},"content":{"rendered":"<p>We\u2019ve written a bunch about the insecurity of the Internet of Things (IoT) and connected devices. Many have also wondered how secure voice-controlled home devices like Google Home, Alexa, and similar devices are. We are talking about serious researchers, here.<\/p>\n<p>However, little did we suspect that a device like Google Home would be exploited not by a black-hoodied hacker but rather by an actor shilling hamburgers. In the commercial below, you can see the actor draw the camera close and speak the magic words <em>OK Google<\/em>:<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/U_O54le4__I?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>Seems harmless, right? Well maybe not. In this video, you can see the same commercial, but with a small twist:<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">RT <a href=\"https:\/\/twitter.com\/glowgow?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@glowgow<\/a> Here's what happens when you watch Burger Kings Whopper ad around Google Home.  ingenious or invasive? <a href=\"https:\/\/t.co\/1Klaj9hPv4\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/1Klaj9hPv4<\/a><\/p>\n<p>\u2014 Jeff Esposito (@jeffespo) <a href=\"https:\/\/twitter.com\/jeffespo\/status\/852548620222177281?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 13, 2017<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><em>Holy computer takeover, Batman!<\/em> Yup, the command worked. It was nowhere as advanced as the research we sat in on last week at the SAS. At least the advertiser didn\u2019t go with \u201cAlexa, order me a whopper.\u201d<\/p>\n<p>A recent TechCrunch article <a href=\"https:\/\/techcrunch.com\/2017\/04\/12\/no-thank-you\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">raised the battle cry for privacy concerns<\/a>, saying: \u201cAt best, it\u2019s really annoying for people with the device in their living room. At worst, it once again raises some nagging questions about technological limitations and privacy concerns surrounding these smart assistants.\u201d<\/p>\n<p>The complaint has its merits, but the simple truth is that this was bound to happen. Advertisers look to hop on the latest trends. Burger King did it on purpose, but this effort brings to mind the lack of foresight that led to a 6-year-old ordering cookies and a dollhouse by wishing on her parents\u2019 Echo device \u2014 and then, when that was reported on the television news, Alexa perked up in viewers\u2019 homes and <a href=\"https:\/\/www.kaspersky.com\/blog\/voice-recognition-threats\/14134\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">ordered dollhouses for them<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The proverb \u2018Walls have ears\u2019 is not as metaphoric as it used to be. Discover the dangers of voice assistants -&gt;  <a href=\"https:\/\/t.co\/mdzuHnDFkq\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/mdzuHnDFkq<\/a> <a href=\"https:\/\/t.co\/CFfAbxx10v\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/CFfAbxx10v<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/836912405888249856?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 1, 2017<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Reading through the settings on the Help Page for Google Home, I can\u2019t find somewhere to set up an ordering code <a href=\"https:\/\/www.howtogeek.com\/237386\/how-to-enable-disable-and-pin-protect-voice-purchasing-on-your-amazon-echo\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">like on Amazon<\/a>, but rather, the ability to filter out inappropriate content.<\/p>\n<p>It will be interesting to see how Google, advertisers, and smart home developers look at this incident. Given the number of homes with these types of devices, I can\u2019t imagine this will be the last we hear of this kind of misuse of voice recognition.<\/p>\n<p>Until then, we can add April 12 to the annals of Internet lore as the day that Big Fast Food turned an actor into a hacker. Somewhere forums are going crazy wondering why they didn\u2019t think of it first and hoodies are being traded for paper crowns and a side of fries.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Burger King exploits IoT Google Home in latest commercial.<\/p>\n","protected":false},"author":636,"featured_media":14640,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[1995,22,794,422,889,1996],"class_list":{"0":"post-14637","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-burger-king","9":"tag-google","10":"tag-iot","11":"tag-threats","12":"tag-voice-recognition","13":"tag-whopper"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/burger-king-hacks-google-home\/14637\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/burger-king-hacks-google-home\/9085\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/burger-king-hacks-google-home\/10391\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/burger-king-hacks-google-home\/10127\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/burger-king-hacks-google-home\/3142\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/burger-king-hacks-google-home\/7267\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/burger-king-hacks-google-home\/6561\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/burger-king-hacks-google-home\/10050\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/burger-king-hacks-google-home\/15240\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/burger-king-hacks-google-home\/14637\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/burger-king-hacks-google-home\/14637\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/iot\/","name":"IoT"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14637","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/636"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=14637"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14637\/revisions"}],"predecessor-version":[{"id":30002,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14637\/revisions\/30002"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/14640"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=14637"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=14637"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=14637"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}