New Device Tracks Unauthorized Audio Recordings Streamed by Smart Home Devices

At the Technical University of Darmstadt, scientists have joined with partners from France and the United States to design a novel device that can detect when audio recordings are streamed to the Internet by smart home devices, without the consent of the users.

The prototype of LeakyPick watches over all devices with integrated voice assistants. Image Credit: Technical University of Darmstadt.

Developers of smart home devices are progressively adding voice assistant traits to an extensive range of devices such as doorbells, security systems, thermostats, televisions, and smart speakers.

Therefore, a majority of such devices are fitted with microphones, which raise considerable concerns with regard to privacy. For example, users are not always informed when audio recordings are delivered to the cloud and are not aware of which individuals are likely to have access to the recordings.

Wrong Wake Words

The researchers from the profile area cybersecurity (CYSEC) of the Technical University of Darmstadt and their associates were able to demonstrate that several devices with built-in voice assistants can accidentally listen to conversations.

Usually, a wake word activates voice assistants, as in the case of Amazon’s Echo, which is typically woken up by sentences beginning with “Alexa.” The researchers performed a wide range of experiments with voice assistants, such as Alexa, and detected various English terms that are incorrectly interpreted by Alexa as wake words.

Such wake words activate the voice assistant, which results in a sudden transmission of audio. Instances of these words involve day-to-day words like “mixer” or “letter.”

During their experiments, the scientists used terms that are both spoken by the human voice and the synthesized voice. To overcome this issue, they have designed a proof-of-principle device that identifies such anomalies and constructs a completely functional prototype.

Dubbed LeakyPick, the device can be positioned in a user’s smart home and applied to test other voice assistants in its proximity on a routine basis through audio commands.

The resultant network traffic is tracked for statistical patterns that would denote audio transmission. The LeakyPick subsequently determines the devices that are recording the audio without users’ knowledge and then informs them.

In addition, the LeakyPick device could help against an advanced attack on Alexa, the voice assistant. In such attacks, the adversary transmits commands and wake words in the ultrasonic range, which is not audible to humans, and places orders online with Amazon, for instance.

The human ear cannot pick up the ultrasound commands, which are interpreted by Alexa. The LeakyPick device detects this activity in the network traffic via statistical pattern analysis for benign behavior.

At present, the device is in the prototype phase and is yet to become commercially available.


Tell Us What You Think

Do you have a review, update or anything you would like to add to this news story?

Leave your feedback
Your comment type
Azthena logo powered by Azthena AI

Your AI Assistant finding answers from trusted AZoM content

Azthena logo with the word Azthena

Your AI Powered Scientific Assistant

Hi, I'm Azthena, you can trust me to find commercial scientific answers from

A few things you need to know before we start. Please read and accept to continue.

  • Use of “Azthena” is subject to the terms and conditions of use as set out by OpenAI.
  • Content provided on any AZoNetwork sites are subject to the site Terms & Conditions and Privacy Policy.
  • Large Language Models can make mistakes. Consider checking important information.

Great. Ask your question.

While we only use edited and approved content for Azthena answers, it may on occasions provide incorrect responses. Please confirm any data provided with the related suppliers or authors. We do not provide medical advice, if you search for medical information you must always consult a medical professional before acting on any information provided.

Your questions, but not your email details will be shared with OpenAI and retained for 30 days in accordance with their privacy principles.

Please do not ask questions that use sensitive or confidential information.

Read the full Terms & Conditions.