Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AppDefects
Community Champion
‎02-03-2020 09:57 PM
‎02-03-2020 09:57 PM

OK Google! Bypass the Authentication!

When a user pronounces the words “a capo” (Italian equivalent of the English “new line”, “new paragraph”) an unspecified Google Assistant App translates this as the control character \n, interpreting the phrase as if the user had pressed the Enter key, to submit the input.

 

Ok Google! Do you like to process empty input? Yes! So instead of hearing a password for the app, Google Assistant is tricked  into falling to the apps "Default Intent" which provides access to the apps main menu. From there, the attacker can access any functionality for any user. Nice! The security researcher that found and responsibly reported it to Google did NOT get any credit or reward Smiley Sad although Google did eventually fix it here after back tracking from saying it was a "no fix".

 

Reply
0 Kudos
1 Reply
CISOScott
Community Champion
‎02-04-2020 09:46 AM
‎02-04-2020 09:46 AM

I'm waiting for the lawsuit when someone's AI drives them off a cliff. In the courtroom the accuser will say:

I said "Alexa, drive me over to Cliff's" and the next thing I know I'm here at the bottom of a cliff.

Reply
0 Kudos