Slashdot Mirror
Burger King Won't Take a Hint; Alters TV Ad To Evade Google's Block (washingtonpost.com)
ewhac writes: Earlier this week, Burger King released a broadcast television ad that opened with an actor saying, "Ok, Google, what is the Whopper?" thereby triggering any Google Home device in hearing range to respond to the injected request with the first line from the Whopper's Wikipedia page. Google very properly responded to the injection attack by fingerprinting the sound sample and blocking it from triggering responses. However, it seems Burger King and/or its ad agency are either unwilling or congenitally incapable of getting the hint, and has released an altered version of the ad to evade Google's block. According to spokesperson Dara Schopp, BK regards the ad as a success, as it has increased the brand's "social conversation" on Twitter by some 300%. It seems that Burger King thinks that malware-laden advertising infesting webpages is a perfectly wonderful idea (in principle, at least), and has taken it to the next level by reaching through your TV speakers and directly messing with your digital devices. You may wish to consider alternate vendors for your burger needs.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
Google should know it's a recording when it hears the exact same question asked exactly the same way a second time.
https://www.xkcd.com/1807/
Who's been the dick here? Burger King. Pretty simple.
Sometimes a real dick will perform a much needed public service. This is one of those times.
Who didn't really see this coming? You enabled voice activation... you got "voice" activation. Be careful what you ask for.
I just love it for the brilliant hack it is. And on several levels: First, there's the obvious spam of the Burger King attention grab. Yet, it is clever and innovative - nobody has done it before. Then there's the finger-pointing at Google, and ultimately any gadget that is constantly listening and sending your conversations off to some cloud warehouse. Did they come up with the idea after the latest CIA Wikileaks? Finally, there's the loss of innocence and naivete in the sound triggered implementation. BK's ad agency must have realized that once this cat is out of the sack, there's no turning back. Now everybody will try to hack sound triggered devices. It renders them useless, which is great, since it was such a pathetic interface in the first place. Everybody just seems totally retarded trying to speak to their phone, saluted by "OK, Google". Usually, they have to try a couple of times before it works. Good riddance!
I love it. I'll definitely have a Burger King Four Cheese, Ultimate Bacon, Whopper tonight! Love it!
Is it not possible to change the activation phrase for your digital device? It seems to me that leaving it at the default is about as intelligent as leaving the default administrator login and password for a router. Sure, no one should try to take advantage of you, and in an ideal world they wouldn't. However, this isn't an ideal world and hopefully this serves as a lesson to you with little actual harm done. Given that the harm done is essentially minimal, you should probably thank Burger King instead of admonishing them.
It's possible to think both that Google Home is an invasive piece of spyware and that Burger King is awful for exploiting it.
There's no point in questioning authority if you aren't going to listen to the answers.
Lighten up. It is harmless and funny. The worst that will happen is your device will tell you what a Whopper is. I would go buy a Whopper today if I wasn't a veggie.
Congratulations, folks... BK has successfully demonstrated a giant vulnerability in Google's (and Amazon's, and Apple's...) product - it responds to voices from people it doesn't know, and the default access phrase is well-known.
Maybe instead of whining about Burger King, you can pressure your vendor to fix their design flaws. Or better yet, disable all voice recognition/spying devices and banish them from your house completely.
Hire a Linux system administrator, systems engineer,
I *HAVE* perspective, you twit.
I was around when Canter and Siegel "discovered" spamming, and suddenly the burden of deflecting what became billions of unwanted, exploitative, obnoxious emails fell upon the end-users, the people least equipped to deal with it. (And no, spam is by no means a, "solved problem," or a large chunk of Barracuda Networks' business would no longer exist.)
I was around when that chowderhead Brendan Eich kluged JavaScript into Netscape and fscking enabled it by default, even though the massive problems with macro viruses in Microsoft Word in the years prior clearly showed what that would lead to. Now we have scripts being uncritically yanked in from thousands of sources, rampaging around in our browsers looking for any datum they can exploit to our disadvantage.
Mark my words: If BK and its ad agency aren't smacked for this, hard, it will get worse very quickly. Every media source will become an attack vector. And sophists such as you will dryly intone, "Get better security," fully aware that that aphorism will solve nothing.
And lest you think I'm merely a member of the Tinfoil Hat Brigade: I, too, can be a smug shit about this. I have never trusted cookies or JavaScript, keep my browsers thoroughly nerfed, and I use a console-based mail reader. The result is I have only moderate patience for people victimized by advertising, malware, or phishing. The tools are there; they have but to learn how to use them. Don't even cost nothin'. But there is a boundary when you stop being a Clever Clogs for making the other guy's computer unexpectedly go beep and you become an active exploiter and victimizer of the weak and ignorant.
BK crossed that line. They need to be smacked.
Editor, A1-AAA AmeriCaptions
This ad wasn't harmful, but it exposes what possibly could be done if someone wanted to be malicious.
So it is funny, harmless, and educational. That is even better.
There's a lot of malice that could be carried out if someone wanted to
Yes, people can do bad things. That doesn't mean that doing things is bad.
If anyone should be criticised here, it is Google, not BK. They should have some extra security, such as learning to recognize the voices of authorized users, or requiring an extra code word for purchases or IoT commands (basically anything other than just a request for info or to play a song).
Disclaimer: I have a Google Home and I am mostly happy with it.
BK, your intrusion into my digital devices, has exempted you from EVER receiving my business again. Boundaries guys... Boundaries.
I for one am actually thankful to BK for taking this next step in demonstrating the *inherent* danger of the Google and Amazon products. People are right to compare this behavior to that of a criminal enterprise, because a criminal enterprise would behave exactly the same way if Google reacted by implementing such a half hearted and inept "fix" for the problem. BKs response is very much a good thing because it is exposing Googles complete disinterest in security, and has exposed Google product failings to the light of day.
That having been said, Google is the party that should be shamed here, not BK.
I wish I had a good sig, but all the good ones are copyrighted