I’ve been wondering about passwords. Or some method of authorising certain actions.
For example, if you want Mycroft to do something that requires root, will there be a way of giving it permission to do so without you having to speak your password out-loud (obvious security risk #1) and for it to then be sent off to remote servers for processing (obvious security risk #2)?
Or will Mycroft be designed to never do anything that requires elevated-privileges?
Even if this is the case, I can imagine certain situations where it should only do something if he user has been validated. It would probably have to be a pass-sentence rather than a pass-word. And even then, it’s still just as vulnerable to obvious security risks #1 and #2.
This is all assuming that v1.0 will not have the ability to differentiate users by their voices alone - oh, unless there’s a kinda “voice-print” ID service out there for this very purpose that it can use?
Any thoughts on this?
At this time, speaker identification is a “hard problem”. There are no known (at least, to me) open source implementations, nor are there any 3rd party speaker-identification-as-a-service services publicly available.
This isn’t a new problem in the space. As far as I’m aware, there’s nothing to prevent someone walking into your home and saying “Alexa, buy a big-screen tv”, or from an arbitrary person holding your phone to use Siri or Google Now.
A possible security mechanism could be to allow users to specify a set of actions that require elevated privileges, and require 2FA to complete the interaction (via SMS, email, or push notification).
Ideally I think an embedded fingerprint scanner would be most convenient however I would expect it to be too expensive. As an alternative, what about using NFC (with text message 2 step verification as a backup)?
There’s also the possibility of facial recognition, but this would of course require the camera module that never got funded.
Although it’s not that difficult to print up an image capable of tricking the facial recognition software (or use a tablet display).
I was thinking about this and all i could come up with was using your smart device or computer as 2FA device to approve the request. I would look at FIDO u2f or yubikey for inspiration.
That’s a fair point - or indeed one of the many family photographs that could well be lying around the home. Still the purpose here I guess is to protect someone’s Facebook account from a sibling, more than to keep the NSA out. You’re right, I don’t think it would be appropriate under the circumstances, but still, I keep thinking back to this quote from an article I read on Ars Technica the other day:
“The question is not whether the biometrics are better than a long, strong, secure password, but rather whether they’re better than a weak, short, repeated, or perhaps even non-existent password. This isn’t about setting a new ceiling on system authentication security; it’s about raising the floor. Windows Hello makes it very easy to use something that’s better than a bad password.”
Maybe rather than involving Mycroft servers, we could do a form of 2FA from the Mycroft unit itself to one of the users’ phones with the companion app. That way, permissions could be controlled by the admin user different types of authority to different users’ phones.
Just out of interest - I wonder how much easier the problem would be if we made everyone say the exact same phrase?
How does Google Now discriminate between voices? I know it has something to do with the natural vocal frequency of the speaker. Could this be used by default in conjunction with an informative notification for low-security activities such as posting to facebook? And if the user chooses, they can require two factor authentication for low-security activities, as well.
I do remember something about the fundamental (lowest) frequency being a good indicator of head size
I think my ideal setup would be a locked mode for mycroft. That could be locked and unlocked with a home security keypad. I could run local voice recognition on my server for user recognition. Guest could introduce themselfs and it could create a profile for guest with appropriate privileges. On the back end I’d like to add noise and work on anonomizing user’s data.