Burger King Runs Ad Triggering Google Home Devices; Google Shuts It Down (theverge.com)

← Back to Stories (view on slashdot.org)

Burger King Runs Ad Triggering Google Home Devices; Google Shuts It Down (theverge.com)

Posted by BeauHD on Wednesday April 12, 2017 @01:05PM from the not-on-my-watch dept.

Burger King unveiled a new advertisement earlier today designed to trigger users' Google Home devices. The ad specifically used the Google Home trigger phrase "Okay, Google" to ask "What is the Whopper burger?," thus triggering the Google Assistant to read off the top result from Wikipedia. But less than three hours after Burger King launched the ad, Google disabled the functionality. The Verge reports: As of 2:45PM ET, Google Home will no longer respond when prompted by the specific Burger King commercial that asks "What is the Whopper burger?" It does, however, still respond with the top result from Wikipedia when someone else (i.e., a real user) other than the advertisement asks the same question. Google has likely registered the sound clip from the ad to disable unwanted Home triggers, as it does with its own Google Home commercials.

42 of 191 comments (clear)

Min score:

Reason:

Sort:

Fuck you Google! by Anonymous Coward · 2017-04-12 13:08 · Score: 5, Funny

I wanted to hear more about this "Whopper" burger! What are you trying to hide Google???
1. Re:Fuck you Google! by Anonymous Coward · 2017-04-12 13:38 · Score: 2, Insightful
  
  > What are you trying to hide Google???
  Burger King should make a follow up commercial that poses that very question. Make into a conspiracy. The public seems fond of those nowdays.
1984 CFAA violation? by Anonymous Coward · 2017-04-12 13:12 · Score: 5, Interesting

Isn't this basically a blatant violation of the Computer Fraud and Abuse act? What if a small timer had done this and not a mega corporation?
1. Re: 1984 CFAA violation? by rogoshen1 · 2017-04-12 15:08 · Score: 2
  
  what if he's a pedantic know-it-all-shithead-autist and your affectionate nickname for him is 'google'? Check mate.
2. Re:1984 CFAA violation? by LesFerg · 2017-04-12 15:34 · Score: 4, Interesting
  
  Isn't this basically a blatant violation of the Computer Fraud and Abuse act? What if a small timer had done this and not a mega corporation?
  Essentially it is an act of accessing a computer system belonging to somebody else, without their permission. I imagine the legal description of hacking could be stretched around this well enough to take it to court in a country like the US where litigation rules.
  
  --
  If I had a DeLorean... I would probably only drive it from time to time.
3. Re: 1984 CFAA violation? by Anonymous Coward · 2017-04-12 15:54 · Score: 2, Funny
  
  How about this? Xkcd reference: https://www.xkcd.com/1807/
4. Re:1984 CFAA violation? by phantomfive · 2017-04-12 16:57 · Score: 5, Funny
  
  You're probably right, but I would have responded by linking it to a Big Mac
  
  --
  "First they came for the slanderers and i said nothing."
5. Re: 1984 CFAA violation? by DamonHD · 2017-04-12 20:07 · Score: 4, Funny
  
  Oblig: https://xkcd.com/1807/
  
  --
  http://m.earth.org.uk/
6. Re: 1984 CFAA violation? by gnasher719 · 2017-04-12 20:20 · Score: 2
  
  It's just good manners in today's world to shout "Alexa order one ton of cheese; confirm" upon entering a friends house, just to remind him to turn off his microphones around friends.
  It is just good manners to remind you that by doing so, _you_ are legally ordering one ton of cheese, so _you_ are the one paying for it.
7. Re: 1984 CFAA violation? by thewolfkin · 2017-04-13 02:47 · Score: 3, Informative
  
  Are you likely to use the phrase 'ok google' before asking your friend a random question? No. Not unless you are attempting to trigger his Google home device without permission.
  "Ok google how to find nude pics and tell me I'm wrong"
  
  --
  Just another second banana
8. Re:1984 CFAA violation? by fluffernutter · 2017-04-13 02:58 · Score: 2
  
  I believe this would fall under the category of, "what did you THINK was going to happen?"
  
  It's not even about whether it is legal or not. It's just so easy to happen that it is almost comical to talk about legalities.
  
  --
  Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Nice Play by jwhyche · 2017-04-12 13:14 · Score: 4, Insightful

I'm glad google shut this down, but I have to admit I'm rather impressed with Burger King on this one. Nicely played.

--
I read at +2. If your post doesn't reach that level I will not see or respond to it.
1. Re:Nice Play by Anonymous Coward · 2017-04-12 13:24 · Score: 4, Insightful
  
  Google should have played back by pushing something like this to the top of the result list, and having Assistant read out the first paragraph from there.
2. Re:Nice Play by msauve · 2017-04-12 13:28 · Score: 5, Insightful
  
  Rather than shut it down, Google should have simply changed the response to something on the order of "The Whopper is a big bunch of tasty calories, but doesn't provide good nutrition. If that's what you want, you should consider a burger from McDonald's, Wendy's, Sonic, or some other brand, which although no better nutritionally, isn't trying to play weird games with its advertising."
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
3. Re:Nice Play by Anonymous Coward · 2017-04-12 13:33 · Score: 5, Funny
  
  ...although leaving it as Wikipedia would probably have been more effective at warning advertisers off this tactic.
  
  However, prior to the ad's premiere, the article had been modified by a user allegedly tied to the company, so that Google's automatically-generated response to the query would be a detailed description of the Whopper burger that utilized promotional language. The edits were reverted for violating Wikipedia's policies discouraging "shameless self-promotion". Furthermore, the snippet became the target of vandalism, which caused Google Home to read off statements suggesting that the sandwich's ingredients included "rat meat", "toenail clippings", and a "medium-sized child".
4. Re:Nice Play by darthsilun · 2017-04-12 14:00 · Score: 5, Interesting
  
  from the article: ... its high amount of fat, cholesterol and sodium makes it an unhealthy food...
  Well, not to defend Burger King (and a bit off topic), but if you're getting the appropriate amount of exercise your body won't metabolize the fat and cholesterol, and the original research that claimed salt is bad for you was flawed (https://www.scientificamerican.com/article/its-time-to-end-the-war-on-salt/); posting this kind of counter attack could be considered – by some – as misguided. Then again, most people don't get sufficient exercise and the fat and cholesterol is bad for them.
  It wasn't uncommon in the early days of the web for people to shift the bandwidth load of their websites by linking to content on other people's web servers. When those other people figured out this was happening to them, they would replace the content with something else that the bandwidth "thief" didn't intend, e.g. smut, much to the bandwidth thief's embarrassment.
  A better counter attack, IMO, would have been to replace the content Burger King was expecting with something else, e.g. an audio clip of Meg Ryan's faux orgasm from "When Harry Met Sally" or a clip of HAL saying "I'm sorry Dave, I'm afraid I can't do that."
5. Re:Nice Play by msauve · 2017-04-12 15:30 · Score: 4, Funny
  
  A better reply would be "I'm sorry , I don't understand the question."
  Why would Google beg to get sued by Apple for copying Siri?
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
6. Re:Nice Play by meglon · 2017-04-12 19:17 · Score: 4, Funny
  
  See, now if it was Wendy's that came up with the add, the better response would have been "I'm sorry Dave, i can't do that."
  
  --
  Fascism: An authoritarian and nationalistic right-wing system of government and social organization. See also: NAZI's
7. Re: Nice Play by jwhyche · 2017-04-13 02:30 · Score: 2
  
  No felonies where committed. What was done was a pretty good hack if you think about it. Burger King managed to hack a device over a TV commercial. That was actually very clever.
  I'm glad google shut this down because there probably would have been copy cats. But again, no felonies where committed.
  
  --
  I read at +2. If your post doesn't reach that level I will not see or respond to it.
CueCat all over again by Red_Chaos1 · 2017-04-12 13:19 · Score: 4, Interesting

The company that made the CueCat wanted to be able to do just this eventually. When I worked at Radio Shack in the early 00's we gave these stupid things away. Information coming down the pipeline said they eventually intended to make a device that connected to the PC and would respond to audio cues in advertisement on TV and open a browser to the product page. At the time it sounded retarded, like, "who the fuck would want such a thing?" Laugh's on me I guess, everyone wants an Echo or Home now.
1. Re:CueCat all over again by 93+Escort+Wagon · 2017-04-12 13:26 · Score: 4, Insightful
  
  Laugh's on me I guess, everyone wants an Echo or Home now.
  "Everyone wants an Echo" isn't the same thing as "Everyone wants a device that can be manipulated by an advertisement in a movie, TV show, or web video".
  Disclaimer: I have no desire to purchase either an Echo or a Home - I just don't see any significant advantage to owning them, while I do see a lot of potential disadvantages.
  
  --
  #DeleteChrome
2. Re:CueCat all over again by rtb61 · 2017-04-12 13:55 · Score: 4, Insightful
  
  You kind of should belittle people who want that shit it it's current state, in opposition to the marketing that tells them they are special if they buy that shit. Counter marketing is fair and reasonable in today's market place. Purposeful hacking by Burger King, well, technically it is a computer crime, although the bar for security is exceedingly low, they still did intentionally hack and abuse a computer network, that network being between the consumer and Google, this done in order to steal advertisement time worth millions of dollars. So really quite naughty and a criminal offence, technically.
  
  --
  Chaos - everything, everywhere, everywhen
3. Re:CueCat all over again by mrchaotica · 2017-04-12 14:02 · Score: 2
  
  I remember grabbing one of those because it was a free hackable barcode scanner, but I never got around to actually doing anything with it. I'm pretty sure I still have it in the bottom of a drawer somewhere.
  
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
4. Re:CueCat all over again by alzoron · 2017-04-12 14:15 · Score: 2
  
  They were pretty handy at the school I worked at. Getting new equipment was a red tape nightmare and we needed some more barcode scanners in the library. Hooray for CueCat.
5. Re: CueCat all over again by Anonymous Coward · 2017-04-12 16:41 · Score: 3, Informative
  
  Wow. A smart home sounds like an awful lot of money for very little benefit. I honestly never cared for all the gimmicky stuff individually, and thought perhaps the synergy of it all would add up to something more, but... literally everything you described, I have alternatives for that don't require a smart house.
  I have a programmable thermostat -- very versatile, and no need for a Nest. I have friends with a Nest... and they aren't all that impressed with it even after months of training it. I have an android tablet with blutooth speakers, so I can get 90% of the voice activated features you listed just by... carrying it around with me. Smart plugs don't excite me -- they didn't even back when they operated on "the clapper." I have a remote for a power strip for a room with no overhead light, and it suits me fine. The smart lock is interesting, but I'm wary of an IoT device that also has wireless keys as I know thieves copy wireless car signals to pop trunks and open garage doors. I have an alarm system, and it tells me whether or not all the doors and windows are shut (though not whether they're locked!) The Phillips Hue bulbs... it's a nice gimmick to sell LED bulbs for 3 to 5 times the price of their competitors to sync with IoT or TV shows, but... I just don't see the appeal. Perhaps if I had a basement theater room like another family member had, I could install the fancy bulbs for a more engrossing experience. As for TVs and remotes... The Harmony is an excellent remote -- but, I have no need for it... b/c I don't watch TV on cable anymore... not directly anyway. My TVs are basically monitors for laptops which display streaming media -- including Charter's Spectrum web streaming for my cable service. So, there's no need to flip channels, it's just point and click & I can use the app on my tablet to switch channels on my boxes or set the DVR anyway.
  I'm sure smart homes are the future, but I see a better version down the line that makes the current IoT setup look like child's play. And, just fyi, every device you add to a wireless network degrades the quality of the network for all other devices within range with overlapping frequencies b/c for most wifi setups, only one device can truly talk at a time, and when two or more talk at once, they both shut up and then re-broadcast at a new random interval. So, IoT with dozens of wifi connections... really crappy wireless network quality.
  I'll wait 'til we have personal AI that isn't cloud-based, but home-based and has privacy protections and my interests at heart rather than the company that sold it to me... and wired network connections wherever possible!
6. Re: CueCat all over again by vux984 · 2017-04-12 16:58 · Score: 4, Insightful
  
  You can say, "Alexa, goodnight," and all the lights turn off, the tv turns off, any electronics turn off, the AC adjusts, and Alexa makes sure the doors are locked and reports their state.
  
  And then you change your wifi password and spend 3 days chasing down random things you forgot about.
  Then the over priced door lock breaks, and you don't even notice for 3 months. It mean... it says it was locking and unlockng but the bolt wasn't moving.
  Then some sensor flakes out and turns your heat off. And worse, you turn it on manually... and then it promptly gets signaled to turn off a few seconds later. And your not home... and your wife has to unplug the nest to stop it from shutting the heat off until you can get home to figure out what is wrong.
  Meanwhile the asshole kids next door figured out how to take remote control of your smart TV...
  
  While watching tv, you can use Alexa to pause, play, skip forward/backward, and change the volume, etc.
  Unless you turn it up to high by accident and Alexa can't hear you telling it to turn it back down.
  
  You can have home presets, where you can say, "Alexa, it's party time," and all the Hue lights set their colors and brightness, the AC turns adjusts, party music fills the house, and all the TV's in the house turn on and tune in various sports channels.
  And then your son storms upstairs pissed that you screwed up his guild raid with your bullshit ... again.
  
  With Alexa, you can control anything the Logitech Harmony Elite can control. So, anything with IR and many WIFI controlled devices.
  Yeah, I have one of those. I love it. But its also pretty fallible. It'll end up on the wrong TV input, it'll get its states mixed up 'toggle power' on the wrong thing or put the HTPC which was awake to sleep when i select it. No big deal, tap tap tap... problem fixed. I really don't want to talk to it... or have 3 people in the room all trying to fix it by issuing voice commands.
  
  Once you can trigger events across your home with your voice and not just turn on a light, you just can't go back.
  Yeah, lets come back to this one.
  
  You can have home presets, where you can say, "Alexa, it's party time," and all the Hue lights set their colors and brightness, the AC turns adjusts, party music fills the house, and all the TV's in the house turn on and tune in various sports channels.
  I pretty much guarantee you that you spent more time setting that mode up, then I'd ever get back using it.
  And THAT is where home automation is at. Its a great toy for the person who WANTS to play with it; who enjoys spending hours setting up programs they'll only use twice. Who enjoys debugging all the glitches. Who's ok when a power surge blows $500 worth of smart light bulbs. Who doesn't mind doing a firmware upgrade on his front door lock.
  But for the average person, no, its not like caller id. Caller id is simple and just works. And when it fails, it just says unknown number and you have to pick up the call to find out who it is or let it go to voice mail. Home automation is a rube-goldberg machine that is a lot of fun if you like building and maintaining rube goldberg machines -- but its not practical and it frequently fails in pretty spectacular ways.
7. Re: CueCat all over again by djrobxx · 2017-04-13 03:23 · Score: 2
  
  Caller id is simple and just works. And when it fails, it just says unknown number and you have to pick up the call to find out who it is or let it go to voice mail. Home automation is a rube-goldberg machine that is a lot of fun if you like building and maintaining rube goldberg machines -- but its not practical and it frequently fails in pretty spectacular ways.
  I've had a Z-wave HA system going for around 8 years. It is like caller ID - if the controller fails, I revert to using the wall switches. Z-wave can be a bit finicky to set up initially but the only real failure modes I've had are dead switches, which I've had actually more of with my bath fan timers that are not part of the HA system. I've had zero problems with door locks. They're great not because I can "unlock it with my phone", but because it makes managing the entry codes easy (example: give a temporary code to a contractor), and because they can alert you when someone punches in a code.
  I will say having lighting control is on the overrated side. I find that's mostly only valuable when switches aren't convenient to reach. The one I use most often is the back patio light, because I generally don't notice I've left it on until I'm upstairs and about ready to go to bed, and the dog has finally settled down, etc.
  HA made my in-ground hot tub experience a whole lot better. There's a filter pump, a heater, and light, and a water filler valve. The controls for all of these things were in separate and very hard to reach places, and the old mechanical timer used to "conflict" with the heater when I wanted to heat it during its normal filter schedule. Now they're all lined up on one page on my smartphone. And now that I've connected my system to HomeKit via HomeBridge, I can even ask Siri to turn the light on hands free if I'm in the tub and it gets dark out.
  I haven't seen a "spectacular" HA failure since the old X10 days, when noise in your power line might trigger every HA-connected light switch to turn on. :)
8. Re: CueCat all over again by Ksevio · 2017-04-13 04:10 · Score: 2
  
  Most home automation devices are paired with a hub, not directly over wifi. The main use of my echo is to turn on/off lights (sometimes to get weather or train times). It was very easy to set up - pretty much simple and just worked. If for some reason the hub died, the light switches will work.
  
  Also, for my lock at least, there's an independent sensor that detects if the door is locked
9. Re: CueCat all over again by mrchaotica · 2017-04-13 06:10 · Score: 2
  
  You missed the two biggest issues:
  First, half of this shit ships with backdoors from the factory and the other half gets hacked five seconds after plugging it in, which means that not only will you be contributing to a botnet, the device logs (from which your home/away schedule could be deduced) and the recordings of everything you say would be available to every criminal on the Internet.
  Second, all of this shit is explicitly designed to make those logs and recordings available for companies to analyze your habits and market even more shit to you (which is more than bad enough by itself), and will eventually get cross-referenced with all the other data being collected about you to form an Orwellian dystopia of constant surveillance (which is even worse).
  
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Shouldn't the title read.... by thegrassyknowl · 2017-04-12 13:35 · Score: 4, Insightful

... "Malicious attackers in Burger King's advertising department use vulnerability in Google home to make it do stuff its owner didn't request".
It's a bit rich to call it an ad and chuckle about.
It's a lot scary that it's possible for a remote attacker to ask these devices en masse to do something with nothing more than a broadcast ad. For now it was reading a wikipedia page. What happens when scumvertisers and other malicious adversaries figure out a way to make it spend money without your consent? Or to report to them that you have heard the ad, or worse.

--
I drink to make other people interesting!
1. Re:Shouldn't the title read.... by The+MAZZTer · 2017-04-12 13:54 · Score: 4, Informative
  
  Google can already do strict voice recognition, so I expect in the near future newer devices will have this enabled all the time by default to prevent things like this... also, so they can tie queries to specific people for data mining purposes, of course.
2. Re:Shouldn't the title read.... by Trogre · 2017-04-12 13:59 · Score: 2
  
  It's a bit rich to call it an ad and chuckle about.
  No, that's exactly what it is.
  It's a lot scary that it's possible for a remote attacker to ask these devices en masse to do something with nothing more than a broadcast ad. For now it was reading a wikipedia page. What happens when scumvertisers and other malicious adversaries figure out a way to make it spend money without your consent? Or to report to them that you have heard the ad, or worse.
  It's not scary at all.
  That risk already exists, is absurdly obvious, and has been made VERY clear on both tech forums and mainstream media. Anyone with ANY clue about phone security, and this includes people who lock their phone, has already disabled the voice feature so it isn't an issue for them.
  It's about as scary as the thought that if you leave your house front door open someone could just walk in.
  
  --
  "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
3. Re:Shouldn't the title read.... by thegrassyknowl · 2017-04-12 16:37 · Score: 3, Interesting
  
  No, that's exactly what it is.
  No, it's intentional, premeditated unauthorized use of a computer of computing device. You can bet the farm that nobody authorized Burger King to assume control of their Google device and cause it to access the Internet. That it was in the form of a broadcast advertisement for a large corporation doesn't make it any less heinous to my mind.
  
  That risk already exists, is absurdly obvious, and has been made VERY clear on both tech forums and mainstream media. Anyone with ANY clue about phone security, and this includes people who lock their phone, has already disabled the voice feature so it isn't an issue for them.
  Anyone with any clue about security already avoids these things. Many with no clue about security are buying them up for the shiny factor. It is scary because the sort of people who don't have a clue are the sort of people buying them. Even people who care about security are buying and using voice activated devices.
  
  It's about as scary as the thought that if you leave your house front door open someone could just walk in.
  The average person understands that risk quite well. They might not assess its severity correctly, but they understand it. The average person does not understand the risk of these smart devices, and they remain wilfully ignorant when more knowledgable individuals try to educate them. Now we have a set of devices that can potentially be turned into a bot net en masse just by a radio or tv broadcast and the usual owner of such a device doesn't have a clue that it's even possible. Hell, they could take all the right precautions (firewall, apply updates, isolated segments, etc) and still be had. This (https://arstechnica.com/security/2017/03/smart-tv-hack-embeds-attack-code-into-broadcast-signal-no-access-required/) kind of attack springs to mind.
  It's scary because Burger King will probably get away with this, paving the way for other corporates to try on the same shit.
  It's scary because "OK Google" isn't necessarily the only trigger word. The attacker only needs to convince the trigger algorithm. If they discover a sound or sounds that are innocuous but trigger it then they can trigger devices without being obvious about it.
  It's scary because these devices have reached a critical mass large enough that a corporation took notice and exploited them.
  
  --
  I drink to make other people interesting!
4. Re:Shouldn't the title read.... by lgw · 2017-04-12 17:37 · Score: 2
  
  ou can bet the farm that nobody authorized Burger King to assume control of their Google device and cause it to access the Internet.
  
  Every single person who installed one of these listening devices authorized every random stranger with a voice to command it to do any damn thing they wanted because that's how the device works. You've made it clear anyone is welcome to control your home by installing it in the first place!
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
5. Re:Shouldn't the title read.... by drinkypoo · 2017-04-12 23:32 · Score: 2
  
  I feel the solution is to fingerprint each voice that says OK Google. If the voice is not recognized, or if the device has been rebooted or even if a certain amount of time has passed, the device should ask the user to supply their passphrase before proceeding. All of these things should be stored and processed locally.
  An attack like this can be defeated even without that, since the device phones home on every activation. If the same voice print is saying "Ok, Google" in multiple locations, you just disallow all but the first one. And if a new one comes in before the "user" could reasonably have gotten there (based on the locations of the devices) then you not only ignore it, but flag the voice as belonging to a malicious actor.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
1807 by RyoShin · 2017-04-12 14:11 · Score: 3, Funny

Relevant xkcd
Re:Next ad will target Alexa by mrchaotica · 2017-04-12 14:14 · Score: 2

I see your XKCD and raise you Dilbert.

--
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Re:Next ad will target Alexa by subanark · 2017-04-12 14:35 · Score: 3, Funny

I see your static media and raise you an animated Dilbert: https://youtu.be/7MqhBL9eEts?t...
A Whopper is a lie by innocent_white_lamb · 2017-04-12 17:07 · Score: 2

Whopper is defined as "a gross or blatant lie."
Why the google doodad would talk about hamburgers when asked to define a straightforward word in relatively common use is beyond my understanding. Had they provided a correct answer (and not a hamburger advertisement) this would not have been an issue.

--
If you're a zombie and you know it, bite your friend!
A great demonstration by GeekWithAKnife · 2017-04-12 19:01 · Score: 3

Of why it's an awful idea to force all devices to listen out for the same fucking activation line. Some with "always on listening".

Will google now wake-up and let us train the assistant to trigger at whatever we want? -later matching it only to our voice so it's less likely to activate even if someone knows what we say to activate it.

I like the phrase; *white noise breathing* "Luke, this is your father." -let's use that.

--
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
Better Idea by Demena · 2017-04-12 21:34 · Score: 3, Insightful

Google should have cheated on the sort algorithm and put in their own add in top place: "A slab of muscle tissue from an immature castrated bull between two lumps of overheated grains stripped of their nutritional components, accompanied by...."
Re:Missed opportunity by tattood · 2017-04-13 07:51 · Score: 2

or even "hamburger royale".
I think you mean "Royale with cheese".

--
WTB [sig], PST!!!