Slashdot Mirror
Burger King Won't Take a Hint; Alters TV Ad To Evade Google's Block (washingtonpost.com)
ewhac writes: Earlier this week, Burger King released a broadcast television ad that opened with an actor saying, "Ok, Google, what is the Whopper?" thereby triggering any Google Home device in hearing range to respond to the injected request with the first line from the Whopper's Wikipedia page. Google very properly responded to the injection attack by fingerprinting the sound sample and blocking it from triggering responses. However, it seems Burger King and/or its ad agency are either unwilling or congenitally incapable of getting the hint, and has released an altered version of the ad to evade Google's block. According to spokesperson Dara Schopp, BK regards the ad as a success, as it has increased the brand's "social conversation" on Twitter by some 300%. It seems that Burger King thinks that malware-laden advertising infesting webpages is a perfectly wonderful idea (in principle, at least), and has taken it to the next level by reaching through your TV speakers and directly messing with your digital devices. You may wish to consider alternate vendors for your burger needs.
BK, your intrusion into my digital devices, has exempted you from EVER receiving my business again. Boundaries guys... Boundaries.
This is absolutely beautiful. It's also amazing that Google voice can't distinguish a voice from a speaker. Sounds like Google f'd up.
There's gotta be artifacts in the sound ?
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
Or, you might consider NOT placing an always listening piece of spyware into your private home....
... How do you program this thing to only recognize my voice.
We all know that security is a mess, and that without having everything explode all the time, we're too lazy to do anything about it. "It woiks, dunnit, guv?" Well, no, it only seems to work, but in reality it's a bomb waiting to go off. I'd rather it's an advert than a targeted attack by, say, some Nigerian Royalty or other. So go Burger King. Even though I'm unlikely in the extreme to ever eat there. I salute you for this public service.
Sounds like it's time for Google to alter the search results when someone searches for Burger King.
Google should just block all references to Burger King, from all searches ....
Hell, I love this. Google Home, Alexa, et al. are CueCat 2.0, and anything that exposes to the general consumer how sketchy and seedy they are is a plus for mankind. I fucking salute Burger King for taking this bold step towards educating the citizens about Google Home and consumerism. I was going to have a healthy salad tonight, but, after reading this article, I'm going to walk my ass up to Burger King and have a goddamned Big Mac or whatever the hell it is they sell. I might not even eat it, because I hate burgers, but I want to give this company my money and support.
If you are dumb enough to use a surveillance device which records, interprets and stores everything said, you deserve to be slowly skinned alive.
Google can easily modify it so any search at ALL mentioning Burger King now has the first result be the location of the nearest McDonald restaurant. When I say all searches, I mean ALL searches, even when you type it into google's main search page.
Then tell BK that if they want this to stop, all they have to do is a) cease all attempts to game google's voice commands, b) publicly apologize, c) pay $100,000 to a charity of Google's choosing. and d) agree to never again be such a douchebag.
excitingthingstodo.blogspot.com
This commercial is not malware. Just because you have some stupid gadget in your house that is easy to exploit, your sensationalist claims are not true.
Their food is crap anyway. No amount of advertising can make up for it. At one time they had quality ingredients but all that went away. I'd rather go home and make a bologna and cheese sandwich. It's cheaper and better.
How is the TV-thing making the google-thing read you the wiki-thing translating to "malware-laden advertising infesting webpages" ?
next question being, how is this not "unauthorized use of a computer system"?
And final question is... How long before the wiki-thing starts telling the google-thing to start talking about the sexy-thing instead of the burger-thing?
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
For what it's worth, my opinion is to do this:
"OK Google, what's in a whopper?"
"Hello, The Burger King(tm) Whopper - search results on Burger King(tm) have been removed due to terminal stupidity of the company. Enjoy a WhataBurger(tm), it's better anyway."
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
This story made me smile from ear to ear. Burger King basically saying F You to google. This is hilarious.
I'm still not interested in eating at no but this is fantastically hilarious.
https://www.xkcd.com/1807/
Google should respond by relaying the sound clip using their street cars to the Burger King drive thru radio frequencies when they pass by.
I could not be happier.
What Burger King is doing is taking what seemed like a good idea, but isn't, and fucking it up so the grown ups will have to step in and straighten it out. It's kind of like how the Nazis took what sounded like a good idea (eugenics) and fucked it up so bad that people can't even say the word without causing seizures.
Block Burger King from any and all search results. Done.
Oh fwahh!
Burger King is exposing why running headlong into this always listening IOT, complete with credit cards and ability to unlock my doors, might possibly not be the best idea in the world.
Feel grateful that getting pwned only means you have to listen to an advertisement.
Most life lessons this potentially important are usually much more expensive.
..have you considered.. NOT having your gods-be-damned Google contraption turned on 24/7/365??? Seriously, people..
"Ok Google, the time has come, execute Order 66...."
In at least some jurasdictions, 'hacking' is defined as "unauthorised access to a computer system". I wonder if there are grounds for a criminal investigation of an advertisment that is intended to do exactly that? After all, just because it's insecure doesn't make it legal to abuse.
I worked for a company that shared office space with a company which did voice logins over a decade ago, and back then they were processing voice commands to make sure not only that they were spoken by the appropriate party, but also that they weren't a repeat of a recording. And they could detect pitch-shifted and speed-shifted versions of a recording, too. And they could do all of this over the POTS network at ~8kHz...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Lets see how Burger King likes their top search term being Goatse Guy.
Have gnu, will travel.
What is the evidence for this: "It seems that Burger King thinks that malware-laden advertising infesting webpages is a perfectly wonderful idea (in principle, at least)" ? Burger King is only doing what all corporations do naturally: use everything to enhance public opinion AND/OR profit. They owe nothing to Google....not yet anyway.
Buy two dozen Whoppers. OK Google, thanks.
(For those who use screen reading software and have a Google Home with no security.)
The article over at Hackaday has a good summary of the situation:
The friendly Burger King employee ends the ad by saying “Ok Google, what is the Whopper burger?” Google home then springs into action reading the product description from Burger King’s Wikipedia page.
Trolls across the internet jumped into the fray. The Whopper’s ingredient list soon included such items as toenail clippings, rat, cyanide, and a small child. Wikipedia has since reverted the changes and locked down the page.
Google apparently wasn’t involved in this, as they quickly updated their voice recognition algorithms to specifically ignore the commercial. Burger King responded by re-dubbing the audio of the commercial with a different voice actor, which defeated Google’s block. Where this game of cat and mouse will end is anyone’s guess.
My response on reading that: "Bwa ha ha ha!"
There's a lot to chuckle about.
That is really funny, I'm actually more likely to stop at Burger king then McD now.
Hey Siri, What is this Google Home Shit?
As a further point on home assistants, someone at Hackaday suggested that if you want to burgle a home, try shouting "Alexa, unlock the front door!" through the letter slot.
I'm totally expecting some wag with a really loud car stereo system to drive through a high-price neighbourhood playing a loop of that.
Don't use these 'personal assistants' in the first place. They're pernicious spyware.
It was cute. Now it's criminal.
Seven puppies were harmed during the making of this post.
When it was DeCSS, we all laughed about the concept of "illegal numbers."
Now I'm reading drivel that labels a perfectly normal English sentence to be an "injection" attack?
It's not even an attack! It's using the device exactly as intended! An attack would be if it somehow overrode security and ordered you dinner.
To make sure the world knows that this kind of behavior won't be tolerated, Google should do something that will annoy the board of directors of Burger King's parent company. Here's some pseudo code for a response from Google Home to the Burger King ad:
if (Burger King stock price is down):
say "The Whopper is a hamburger from Burger King, owned by Restaurant Brands International whose stock price is currently falling."
else if (Burger King stock price is up):
say "The Whopper is a hamburger from Burger King, owned by Restaurant Brands International whose stock price is currently considered overvalued by", list of market gurus
else:
say "The Whopper is a hamburger from Burger King, owned by Restaurant Brands International whose stock is stagnant."
Deduplication has been used in a number of services including email servers for decades. Rather than having to manually respond to recorded audio which triggers voice assistant, maybe Google and Amazon should learn from history and perform finger-printing on all queries looking for signs of unnatural duplication. If there is duplication, then just automatically stop responding. If everyone after the second person to watch an advertisement no longer get a response from Google Home then it will become clear that simply updating the advertisement won't work.
I remember watching Max Headroom as a kid, and this whole thing reminds me of it. I just can't put my finger on exactly why. Oh well, time to go find it and rewatch.
Rule 35 of the internet: "If it can be hacked, it will be". - Charles Stross
This week, the US dropped the MOAB and BK dropped the WOPR.
Google could add a prompt asking if queries or commands are filtered or ignored entirely. The browser extension is great; I have not seen a search result from "toms-super-always-drivers.mx" or "experts-exchange.com" since release.
After a signature of misuse is detected Google could push out the prompt with the next instance. Similar to how they are reacting to the problem now, but with greater and long lasting consequences. No libel required, just respond that saying the company misused your personal equipment with authorization. They are no longer allowed to participate in the [whatever business] program.
Definitely make it shorter though, like the easy-English version of Wikipedia.
OMG facts!
Are you the type of person who drinks wine with your pinky firmly up because that's just how you drink wine?
I'm cracking up. Not just at Burger King's playful antics. But at your response to it. They're trying to demonstrate something to you in a really passive and playful way, but instead of responding with curiosity and intelligent inquiry, you lambast them and chastise them for their nonstandard approach.
Let's face it. There are more than one way to hack devices, and if you focus strictly on how they're supposed to be used and flame companies who walk lines you so carefully drew, you not only miss out on the perils this presents, you miss out on possibilities which can and quite likely will lead to innovation.
What are the possibilities and discoveries to be made with this?
I dont know., But that doesn't mean they don't exist. I'm still too busy laughing at your sky is falling chicken little boycott bk rant. Once I cough up my Ramen you almost made me choke on, I'm sure I'll think of something.
But seriously dude. Lighten up. Breathe. There's better ways of dealing with this situation as an end user and consumer than punishing BK for having a little fun. And if it poses problems for Google, then that's cause for Google to take a good hard look at itself and it's processes to reflect on why they're so concerned about the device's physical location and load caused by an errant commercial, which in my opinion they shouldn't be.
When asked "OK Google, What is the Whopper?"
ANSWER: This topic is blocked, because of abusive behavior by Burger King marketers.
The Whopper is also a controversial food, because it is so unhealthy to eat. Recommend you
consider Fresh kale or a Spinache salad, instead.
In an arms race to destroy the world.
Congratulations, folks... BK has successfully demonstrated a giant vulnerability in Google's (and Amazon's, and Apple's...) product - it responds to voices from people it doesn't know, and the default access phrase is well-known.
Maybe instead of whining about Burger King, you can pressure your vendor to fix their design flaws. Or better yet, disable all voice recognition/spying devices and banish them from your house completely.
Hire a Linux system administrator, systems engineer,
it's a brilliant ad. Go home fucking google shills...
Maybe they should put some kind of security on it instead of making a voice activated device that can make purchases for you? This is a serious security hole in that anyone can order it around on your behalf with no authorization whatsoever. This is Google. They should know better than to put something online that does nothing whatsoever to authorize the users and expecting it not to get exploited.
I'm just glad it's something public and trivial, even if BK are kind of being jerks here. You're only going to see more exploitation of this now, not less. Fix it or get rid of it.
I like how TFA and others make it sound like BK is the bad guy.
What they did is funny and relatively harmless (except for Google's reputation maybe). It also shows the HUGE issue that always-listening devices are.
I'd rather BK make fun of it, than someone else. Users have no control over these devices whatsoever. The company listens to everything they say, and can decide to act on it or not.
Otherwise, what's next? TV ads says BK burgers are good, and the Google voice comes up to tell you how you should get Google burgers instead? Or how about you're discussing with friends that you're going to go to Starbucks to get a coffee, but Google reminds you there is a closer coffee shop (that happens to be sponsored), which is Phil's ?
Sounds crazy today, but in 5y from now it will sound perfectly normal and something we have to deal with day to day. I'm all for making fun of it, showing the flaws and exploiting them in these ways before it become the new normal.
OK, Burger King had their fun. Google said play time is over and put an end to it.
Maybe before one could easily see it as light hearted fun, but I think now it is officially crossed over the line into harassment of Google Home users. I am not sure how fast Google will escalate their responses, but if Burger King keeps continuing on this path I can't help but wonder if Google will start legal action to get the commercial taken down. I am sure there is a legal option in here somewhere.
I imagine Google's next step would be to block the specific voice clip again, and probably make a public statement warning of their next steps if this continues. They may block queries about the Whooper, alerting users of Burger King's abuse of Google Home systems in conjunction with whoever is airing the ad, and (I would love this if they do) providing links to resources to legal services that compete with TV (Netflix, etc).
If nothing short of legal action is ultimately working, they may sue whoever is running the ad to get them to take it down. Google is their trademark and it's being used in the commercial, and it is being used to harass Google users, there has to be some legal ground there Google can use. And if there's any violation of copyright involved, the DMCA would provide an easy way to get the commercial taken down (assuming the DMCA can be used for more than taking down fair use YouTube videos).
surprisingly, was what one company thought was a clever broadcast television add, using AI to trigger an expected response from the customer's private AI. The customer's AI system reacted to defend itself, as and the attacking AI worked to defeat the defenses. As the battle escalated, considerable damage was done to bystanders, with several hundred thousand people being rendered deaf. The initial government response was simply to place regulations on advertising, but similar events, some with even more casualties, continued. The public outrage about being basically injured by corporate crossfire brought about the first Computational Limit Laws, which still stand as the most basic protection from computational exploitation These common sense regulations have helped bring about a reversal of automation, and saved hundreds of thousands of jobs, and brought about a new golden age for workers. As always, the guiding principle is "Make no machine in the image of the human mind"..
Well, that was fun. Pity nobody will ever read it.
All devices should default to "Hey, computer" because that is what all these things are. They should also allow you to change the phrase if you so wish.
Make the response -
A slab of dead cow between carbohydrate loaded bread.
If Burger King tries to game the system a gamed response is in order.
Like some others here, I find the stunt hilarious, and the unhinged rant by the submitter equally so. Adults will find this kind of stunt annoying, and kids will find it entertaining. Quite frankly, I'd suggest that such kids' opinions matter more than the submitter's.
Since Google wants to be to pervasive in society, this is the type of exploit that is going to get leveraged.
Also since they want to be listening to everyone everywhere all the time for anything that might be potentially profitable for them, someone will eventually make sound bites that render them moot as quickly as possible.
Have fun, Google!
742 Evergreen Terrace, Springfield.
Google totally failed with Google Now. It will listen to anyone's voice, not just the voice of the person whose Google Account is tied to the device. This is like giving everyone a key to your front door, or just removing your front door altogether.
Google has egg on its face and just doesn't want to admit it, and whomever wrote this summary clearly has Google's Cock so far down their throat that they can't breathe.
A very simple fix is Google having those commericals point to mcdonalds website/products
Malware-laden advertising? That's hilarious. It's a standard TV advertisement featuring an outrageous thing called sound. How dare they? Why is it Burger Kings fault that Google has released a POS device that can be triggered by an advertisement on TV? Google gets to own this one. When anybody other than me says "Hey, Siri" my iPhone ignores the request.
When are the unauthorised access to a computer lawsuits going to start flying?
Really, they should be sued into oblivion for this..
"Unauthorized access of computer systems".
Jail the idiots at the PR firm, and fine BK for singing off on it.
Because the ad is such a riot, we went to BK tonight. Whopper combos were two for $5.
It isn't a Burger King problem. In fact, it is BK pointing out to people who the intrusive entity is: Google.
I bet we were not the only family who has gone to BK becauae of this publicity event.
APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script & malware rob speed/security/privacy
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!
* Via what u NATIVELY have in the IP stack in FASTER kernelmode!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
Who's been the dick here? Burger King. Pretty simple.
People who put these devices in their homes are like people who paint "Kick Me" in large neon letters on the backs of all clothing they own, then are astounded when someone takes them up on the offer.
I for one admire Burger Kings ingenuity. This was inevitable and better it is a harmless ad rather than the inevitable malware potential come to fruition. Thank you BK for making people THINK about what they have installed.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This commercial is not malware.
Absolutely right. It is just a flame illuminating the potential for problems people have installed, hinting at the possible depth of the darkness beyond.
I really look forward to google home integration with other home features so I can yell through an open window "OK Google Disable Alarm" and then help myself...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
What happens when people start writing, "Okay, Burger King" on bricks, and hurl them through windows of their local Burger King "restaurants"?
Then do you think they'd knock that fucking bullshit off? In solidarity, I won't eat at a Bugger King/Pizza Butt/Taco Hell/etc. again. (It was for a year, for this stunt, now it's TWO.) In solidarity because I don't USE the OK Google crap, nor Siri, (useless,) nor Katana or whatever shit Misrofuck put out to pretend to compete...
Just wondering.
Just like accessing a file or a website, every tim you say something Google will have to filter against millions of crap words uttered in the AI Wars.
So just get used to asking your Google device a question, and it getting back to you in an hour or so.
Man is the animal that laughs.
And occasionally whores for Karma.
As a starter, why don't folks just ensure their device doesn't listen constantly? Mine only listens when a Google app is in the foreground or on the unlocked home screen. It isn't listening when locked.
-.-. --.-
Burger King: 1
Internet: 0
"I am a hacker, and this is my manifesto!" - Some guy with a Whopper
It's a motherfucking hands-free device.
And I thought you can require a pin before making purchases?
It isn't listening when locked.
That you know of. I think what you meant is "It isn't responding when locked".
Anyone who doesn't think that Google Home/Now, Amazon Echo, Apple Siri, Xbox Kinect or Windows 10 is constantly spying on you is naive.
"...malware-laden ad pages..."
"...BLACKLISTED..."
Is it just me, or does all this mock offense feel like it's jumped the shark? BK h4xx3d some voice assistant, news at 11.
Eh. I like the coating they spray on their fries. Will still patronize every year or so.
SQL injection is a simple, crude form of hacking that is easily prevented. Every Web developer worth his salt creates Web forms that block SQL injection. If your site gets hacked via SQL injection, it's your fault as much as it is the "hacker's" fault.
This trigger phrase hack is equally crude and equally easy to prevent. Google and Amazon and Apple weren't thinking too far ahead on this one.
When you buy something using your phone or computer, you have to provide a password. Why oh why would we want to remove that kind of restriction from voice-activated devices? At the very least, they should train themselves to obey only their owners' commands.
Honestly I think this is a great and hilarious promotion and I was super disappointed when it didn't activate my phone when the commercial came on (probably because google had already patched it). If you want to be angry at someone be angry at Google for having a device that listens to everything all the time. The fact that Burger King is able to mess with it just makes Google look bad and Burger King look awesome IMO, but I'm a millennial so what do you expect.
But I don't have In-n-Out here, you insensitive clod!
Furries make the internet go.
Saying two words is malware now? If people are stupid enough to enable an app that can be triggered by just anybody's voice, they don't deserve better. I hope OK-google-bombing is a lasting trend. Movie theaters, exams, waiting queues...
leave ok google on auto? YOU FUCKING DESERVE IT. i DON'T WANT MY VOICE SENT TO GOOGLE EITHER
On the contrary, it is Google and/or anyone who thinks that a system that responds to voice commands by any voice is a good idea that aren't getting the hint.
In my opinion Burger King are doing everyone a favour here, they should keep doing this until people wake up to what a dumb idea this whole thing is, Google should fix their product properly and stop using a bandaid.
My television pwnt my 'smart' assistant!!!
I am willing to bet that Burger King executive math equals
Those Upset Enough at Having Their Google Device Pwnt Those Willing to Laugh at Those Who Have Had Their Google Device Pwnt
"Ok, Google, what is the Whopper?"
"In the world of adult entertainment, a 'whopper' is a male performer with..'
This could have been the greatest rickroll of all time.
Imagine millions of devices starting to play Rick Astley every time there is a BK commercial...
That would be inconceivable!
Never get into a battle of wits with a Sicilian when death is on the line!
What about Siri and Alexa??
But seriously, I think this has been a great eye-opener for people who didn't know or ignored what everyone was saying about the vulnerabilities of these always-on unauthenticated voice-operated devices.
Hell, we were predicting people being able to yell "COMPUTER, FORMAT C: /Y" at peoples' computers if this sort of thing got wide-spread back in the early 90's but nothing has really changed.
Google, Amazon, Microsoft and Apple have basically dismissed or ignored the potential dangers so they can sell more of their devices.
This is a rather benign demonstration of the dangers and will hopefully give them a boot to show that it can't stay the way it is.
It could be a lot worse - Imagine if some exploit is found in the system that can trick such devices to connect to a compromised website which subsequently launches an attack on it.
Spectacularly flawed design and an incredibly obvious attack vector. And now Google, in their endless wisdom, appear to think that making BK a public successful troll instead of admitting that they have a faulty product. Marketing at its best, bravo!
I feel so sig.
"Isn't Burger King a shithead of a corporation? What's next "Google, what's the hottest porn on now?" when your kid is in the room?"
You know all that scare about the black man making FEMA camps? Now you have the Orange Trumpsicle actually making those camps, kicking out genuine reporters of news and all the assorted corruption of a REAL police state going on.
Or you didn't complain about USA's much MUCH beefier (North Korea style) police state, so your comment is invalid.
They'll just kick you off and ban you for being a twat.
> As a further point on home assistants, someone at Hackaday suggested that if you want
> to burgle a home, try shouting "Alexa, unlock the front door!" through the letter slot.
Iâ(TM)m sorry, Dave. Iâ(TM)m afraid I canâ(TM)t do that.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Compilation of the best and latest adult films available today http://vlphim.com/
I don't understand, who watches ads?
I thought that was something from the previous century. People with high-tech devices should already have discarded televison long ago.
Personally, I'd be happier considering not having a device that acts on random audio prompts from things that are outside your control, which is connected to your Internet connection and your local network, sending the data to Google / Amazon / Microsoft / whoever, and has absolutely no security whatsoever.
Burger King are just doing what advertisers do - find a way to make you "click" on stuff. What you have is a device in your home that clicks on anything the advertisers tell it to. I know which one I think is the bigger problem.
or a dictionary definition of whooper
"Exceptionally big or remarkable untruth."
What is a whopper?
Google could adjust which pages come up.
Googling with this search string seems to provide a clearer picture uncolored by BK's marketing and recent press
what is a whopper -savory -flame -ad
These come to mind
http://healthyeating.sfgate.com/burger-king-whoppers-healthy-5386.html
http://www.urbandictionary.com/define.php?page=2&term=whopper
I'm sure Burger King is positively gleeful about all the pearl-clutching, which serves to magnify their marketing reach to the people they're targeting (i.e., people with a sense of humor). The picture in my mind is this: a couple of kids just played Ding-Dong-Ditch and Old Man Grumperton streams out in his bathrobe, yelling, "I'm calling the FBI! You'll be brought up on RICO conspiracy charges before the week is out!" Yes, of course, somebody really ought to talk to those boys' mothers.
all those people having voice-activated "somethings" in their living room that aren't somehow trained to listen only to their voice - and not seeing a problem in it.
They get what they deserve.
Everything else is just a dichotomy between Google and BK, where each profits from the actions of the other.
Windows 2000 - from the guys who brought us edlin
Unprotect the Whopper page. We can stop this unethical and intrusive ad campaign right quick.
Or maybe you're the one incapable of understanding the basic problem here: DO NOT BUY SPYING DEVICES FOR YOUR OWN HOME.
#DeleteFacebook
"OK Google, why are digital utopians so stupid?"
"Digital utopians are stupid because they have deliberately dampened neuron activity in certain parts of the brain that help humans to assess basic risk. They willfully ignore any common sense or cultural references that trivially reveal the risk, and their acceptance of the 'new' is spiced with a sense of entitlement that any consequences of ignoring said risks would only open a treasure chest of legal pushback, where they can play the 'victim/dissatisfied customer' for cash and prizes."
"If the consequences are fatal, their heirs get the treasure."
"This is why people buy voice-activated gadgets."
"This is why people watch Harry Potter movies while their cars speed down the highway."
Ok Google, my Roomba has swelled 10x its original size and my wife is missing. What should I do?"
"Return it for a full refund."
<blink>down the rabbit hole</blink>
This did not result in opening a web page that contained malware.
but malware infected websites isn't exactly accurate
Ethics of the content/intention aside, isn't this fundamentally a DDOS attack? Are Wikipedia's sysadmins notified this was coming? How much additional load is this putting on their servers?
Sure it's obnoxious of them to exploit such a vulnerability, but it was Google who put that vulnerability there intentionally. The interesting thing is that Google responded by blacklisting only one sound sample... not fixing the actual exploit. That's like someone reporting an extremely common form of SQL injection then the software developer only blacklists a single SQL sample. A shoddy quickfix that does nothing to prevent any other advertiser from doing the same. You could call Burger King the White Hat Hacker here and Google the lazy (or unwilling) software developer.
This is not malware you tw4ts
I remember all the same history you do, back to Usenet. I also can tell you that decades of anti-spam laws haven't put a dent in the problem, only better technology has had a real effect. I can also tell you how much of the spam is sent via botnets nowadays, which are poorly secured machines that got compromised.
So inasmuch as we want to fix this, we need to focus on dealing with easily compromised devices. Like Google's, which has no meaningful user authentication built into it. Have we already forgotten the entire Full Disclosure era, which finally pushed vendors into making security a priority?
Sure, fine, BK were dicks to exploit it. Whatever. But focusing on them isn't going to solve anything and the very history you recite shows that legal and social approaches are almost completely ineffective compared to technological fixes.
What is improper is someone setting up a device which responds to "OK Google [anything]" from anyone, then whining when it does exactly what it's set up to do.
An injection attack is taking advantage of something that isn't properly parsing some input. Suddenly adverts have to restrict the sequence of words they use because someone else sets up a device to respond in a certain way? If I set up a device that gives my balls an electric shock every time the phrase "fresh feeling" is used on a TV ad, can I then sue the makers of the ad for giving me an electric shock? Of course not, because I chose that to happen.
Jesus christ, people are dumb.
I like how people who have a computer in their home that literally listens to everything they say are saying "BOUNDARIES, JESUS!"
I think this ad is pretty humorous.
Order me a dozen whoppers and have them delivered.
Now made of 100 percent asshole.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
It's kinda funny. I mean, I...
Don't ever see commercials.
Don't have a device that would get triggered by them.
Don't eat at Burger King.
But I am enjoying my popcorn...
What's funny is if an INDIVIDUAL did this then it would be a clever hack showing off the lack of the target's security awareness. But if an advertising agency does it as an audio pop-up, which it basically is, it's evil and malicious.
Ladies and Gentlemen, you wanted a gadget that listens and does what it's told. You should have thought it through first.
Google should have all searches for "Burger King" pull up articles about food poisoning.
-- Will program for bandwidth
Bad analogy. I don't "get off" on Google or Amazon having some data
It's not about that. Hell, I run my business email through Goole, I'm sure they (and of course the NSA and various other countries) are scanning the heck out of that. Whatever.
The analogy is that you are placing a device in your own that allows ANY audio in (or from outside) your house to make use of your internet connection. The fact that you realize what a bad idea it is and do it anyway - well I'll make another analogy, you are like a guy who smokes 20 packs of cigarettes a day and then is all indignant when they get lung cancer...
It is not a question of if, just when, your device will cause some kind of breach because of its inherent nature. But again, I'm not judging your choice, just saying it's stupid to put one in your house.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The problem is Google responding to the TV. So, instead of fancy fingerprinting stuff, figure out a way to keep your stuff from responding to broadcasting devices like radios and TV sets. Oh, and patent it. And profit!
for this brilliant campaign teaching the gullible consumer zombies about the dangers of "always on" listening devices. Would... if only their junk food was palatable.
I would think the next step is to voice print yourself and train google/alexa to respond to only a specific voice or group of voices. It would seem to make sense to change the name google/alexa responded to, to something personalized as well, say Oscar, like the system developed by a character in the following books...
http://www.goodreads.com/serie...
errr....umm...*whooosh* *whoosh* Is this thing on ?
Cable audio out on TV to "Google Home" device.
Device compares microphone input to audio cable input, and disregards any matches.
Solves this and any other future "exploits".
This is a genius ad campaign. It's pointing out point blank that your privacy is being invaded, and that there is no defense when you invite that kind of Orwellian nightmare into your home. I fully applaud this activity, I just wish they would have it auto-order stuff to drive the point home.
Instead of blocking the voice. All Google has to do is redirect ALL 'what is a whopper' queries to a 'satirical' page that states something along the lines of "a whopper is a burger made by Burger King that competes with Five Guys, McDonald's, and many others large burger chain's burgers. Many find them to be inferior to the competition's offerings. Also if you were directed to this answer because of a TV commercial do you really want to do business with a company with such low ethical standards? Would you like to know where the nearest BK competitors locations are?"
Problem solved... ish.
Still doesnt fix the underlying problem with google security but it would nip this shit in the bud. As it would send a message that if you screw with google they WILL screw you worse.
How about you, Slashdot?
Your fucking site redirects to malware sites and pages of questionable content. What gives?
About 40 years ago I had a belt without holes or even a need for the teeth in your belt. I would slide the belt into a, slot, and then fold the buckle down to "pinch" the belt so that it could not move... no holes, no teeth sown into the leather, very simple and, effective, and infinitely adjustable. I would buy one again today if I could find one.
I actually blame Google for allowing this attack vector. If Google, Amazon, and Apple won't focus on security on their own, then hopefully some deliberate prodding will help them focus on it. That may not be Burger King's intent, but it should be the outcome. As easy as it is to play audio from a website without user consent, it's just a matter of time until we see these methods used for truly malicious attacks. An out-of-band attack to identify Tor users, perhaps? A late-night ad that advised viewers to say "Ok Google, call 1-900...," which "inadvertently" triggered just those calls? Using Wikipedia (which anyone can edit, of course), to create a custom page that exploited a buffer overflow vulnerability in the Text-to-Speech engine, perhaps? Rule number one of security is to never trust arbitrary user input, but from all appearances, these voice recognition devices and apps do just that.
Shame on these companies for not having better security from day one. Security must be a forethought, not an afterthought. Apparently that's a lesson that needs to be learnt over and over again.
https://www.eff.org/https-everywhere
How about filtering electronic voices from activating Google. Unfortunately this will probably be just the start for all Voice Activated devices so I hope the developers will get this fixed for all devices that could be effected and with a solution that will not be a pain to use.