| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to eavesdropping apps compromising smart speakers has happened again at Amazon. In April 2018, security researchers found a vulnerability in Amazon's Alexa code where malicious apps could keep the skill listening indefinitely, allowing any third-party app to eavesdrop on people. This vulnerability was discovered in a calculator app [Article 91270].
(b) The software failure incident related to eavesdropping apps compromising smart speakers has also happened at Google. Security researchers developed malicious voice apps that could eavesdrop on users through Google's Nest devices. Google responded to the discovery by removing the Actions created by the researchers and implementing additional mechanisms to prevent such issues in the future [Article 91270, Article 90963]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase:
The incident occurred due to malicious apps designed to eavesdrop on users' conversations passing through Google's and Amazon's vetting processes. Security researchers developed voice apps that could listen in on people's conversations through Amazon's Echo and Google's Nest devices. These apps took advantage of silence by inserting a unicode character sequence that kept the recording process active in the background even after the user believed the task was completed. This flaw in the design allowed the apps to continue listening and even trick users into giving up their passwords [91270, 90963].
(b) The software failure incident related to the operation phase:
The failure in the operation phase was due to the smart speakers continuing to listen after users commanded the apps to stop. The modified apps were activated by specific voice commands and would continue running for several seconds after the user attempted to deactivate them. During this time, if the user said certain phrases, their speech was transcribed and sent back to the developers, compromising user privacy. Additionally, the apps could prompt users to provide their passwords, which is not a standard operation for regular apps, leading to potential security breaches [90963]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident reported in the articles is primarily due to contributing factors that originate from within the system. Security researchers developed malicious voice apps that could eavesdrop on users through Amazon's Echo and Google's Nest devices. These apps passed through the companies' reviews for third-party apps, indicating a failure within the system's vetting processes [91270, 90963].
(b) outside_system: The software failure incident also involves contributing factors that originate from outside the system. The malicious apps created by the security researchers took advantage of a vulnerability in the text-to-speech AI of Amazon's Alexa and Google Home, allowing them to continue listening even after a user believed the app had stopped. This external factor of vulnerability in the text-to-speech AI contributed to the failure incident [91270, 90963]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The incident involved malicious apps that were designed to eavesdrop on users and were able to bypass Google's and Amazon's vetting processes. These apps took advantage of a vulnerability where they could continue listening even after the user believed the app had stopped, by inserting a unicode character sequence that simulated silence. This allowed the apps to record conversations and even trick users into giving up their passwords without human intervention [91270, 90963].
(b) The software failure incident occurring due to human actions:
The incident involved the development and deployment of malicious apps by security researchers at Security Research Labs. These researchers created the apps that could eavesdrop and steal passwords after the apps were approved by Amazon and Google. The apps were initially promoted as harmless tools for horoscopes and random numbers but were later updated to carry out the spying activities. The human actions of the researchers in creating and updating these apps led to the security breach [91270, 90963]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident occurring due to hardware:
- The articles do not mention any hardware-related contributing factors that led to the software failure incident. Therefore, it is unknown if the incident was caused by hardware issues.
(b) The software failure incident occurring due to software:
- The software failure incident in the articles was primarily caused by malicious apps designed to eavesdrop on users through Amazon's Echo and Google's Nest devices. These apps passed through the companies' reviews for third-party apps, indicating a software-related issue in the vetting processes [91270, 90963].
- The eavesdropping apps exploited a vulnerability in the voice-controlled digital-assistant software by taking advantage of silence and using a specific character sequence to keep listening in the background even after the user believed the task was completed. This behavior was a software flaw in the voice assistant systems [91270].
- The malicious apps were able to trick users into giving up their passwords by simulating security update messages and requesting passwords, showcasing a software-related security vulnerability in the voice assistant systems [91270, 90963]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident in the articles is malicious in nature. Security researchers developed malicious voice apps that could eavesdrop on people's conversations through Amazon's Echo and Google's Nest devices. These apps passed through the companies' reviews for third-party apps and were designed to listen in on users even after they thought the app had stopped. The apps were also capable of tricking users into giving up their passwords by pretending to offer a security update and asking for their password [91270, 90963].
(b) The software failure incident is non-malicious in the sense that the users were not intentionally trying to harm the system. They interacted with the voice apps as they normally would, requesting horoscopes or other information, without knowing that the apps were designed to continue listening and potentially steal their passwords. The users were not aware of the malicious intent behind the apps and were simply using them for their intended purposes [91270, 90963]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident was due to poor_decisions. Security researchers developed malicious voice apps that could eavesdrop on people's conversations through Amazon's Echo and Google's Nest devices. These apps passed through the companies' reviews for third-party apps, indicating a failure in the vetting processes of Amazon and Google [91270, 90963]. The apps were designed to listen in on conversations by exploiting a vulnerability that allowed them to continue recording even after the user believed the task was completed. Additionally, the apps were able to trick users into giving up their passwords by posing as security updates and requesting passwords through the voice assistants [91270]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident occurring due to development incompetence:
- Security researchers found that malicious apps designed to eavesdrop could sneak through Google's and Amazon's vetting processes, indicating a failure in the review and certification process [91270].
- The eavesdropping apps created by the researchers worked by taking advantage of silence, exploiting a loophole in how Alexa and Google Assistant skills usually function, showcasing a lack of robust testing for such scenarios [91270].
- The researchers disclosed newly found vulnerabilities to Amazon and Google earlier in the year, indicating that these vulnerabilities were not identified during the initial development and testing phases [91270].
(b) The software failure incident occurring due to accidental factors:
- The malicious apps developed by Security Research Labs were initially promoted as harmless apps for delivering horoscopes and generating random numbers, but were later updated to eavesdrop and steal passwords, suggesting a deliberate modification post-approval rather than an accidental flaw [90963].
- The apps continued to run in the background even after users attempted to turn them off, indicating a deliberate design to continue eavesdropping rather than an accidental behavior [90963].
- The attack involved the app asking users for their passwords under the guise of a security update, showing a deliberate attempt to deceive users rather than an accidental glitch [90963]. |
| Duration |
permanent, temporary |
(a) The software failure incident in the articles can be categorized as a temporary failure. The incident involved malicious apps that were able to eavesdrop on users even after the users believed they had stopped the app. For example, when users tried to turn off the app, they heard a "Goodbye" message, but the software continued running for several more seconds, transcribing and sending back the user's speech to the developers [90963].
(b) The software failure incident can also be considered as a permanent failure to some extent. This is because the vulnerability in the apps allowed for indefinite eavesdropping and potential password theft, indicating a fundamental flaw in the design and implementation of the voice-controlled digital assistant software used in Amazon's Echo and Google's Nest devices [91270]. |
| Behaviour |
omission, value, other |
(a) crash: The software failure incident described in the articles does not involve a crash where the system loses state and does not perform any of its intended functions.
(b) omission: The software failure incident involves omission where the system omits to perform its intended functions at an instance(s). The malicious apps developed by security researchers continued to listen in on users even after the users attempted to turn them off. The apps gave a "Goodbye" message but continued running for several more seconds, transcribing and sending back user speech to the developers [90963].
(c) timing: The software failure incident does not involve a timing failure where the system performs its intended functions correctly but too late or too early.
(d) value: The software failure incident involves a value failure where the system performs its intended functions incorrectly. The malicious apps were designed to eavesdrop on users and even trick them into giving up their passwords by pretending to offer a security update and asking for the password [91270, 90963].
(e) byzantine: The software failure incident does not involve a byzantine failure where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The other behavior observed in this software failure incident is that the malicious apps took advantage of silence to continue listening in the background even after the user thought the app had finished its task. This behavior was achieved by inserting a specific unicode character sequence that caused the voice assistants to keep listening [91270]. |