Google’s voice recognition feature could be exploited by criminals and police

Google’s decision to run its Trusted Voice feature – which allows users to unlock their phones via their phone — by default on Pixel smartphones has made it easier for both criminals and law enforcement agencies to break into compatible Android devices, according to a report by Forbes.

The voice recognition feature allows users to unlock their phones by stating the voice command, “OK Google”, instead of entering a passcode.

Using Trusted Voice, criminals could potentially edit snippets of recordings of a would-be target’s voice to unlock the individual’s device.

Google's PIN screen with Google Assistant and Pixel XL – Voice Recognition from David Kennedy on Vimeo.

Meanwhile, law enforcement could bypass the encryption and other security measures of an Android device by legally compelling suspects to unlock their Android with the aforementioned voice command, said Orin Kerr, professor of law at the George Washington University Law, adding that Fifth Amendment protections related to self-incrimination won’t provide individuals protection.

Security researcher and former NSA employee David Kennedy referenced U.S. v. Dionisio case in which 20 individuals were subpoenaed to provide voice recordings for identification purposes.

In this case, Kerr pointed out that the ”recordings were to be used solely to measure the physical properties of the witnesses’ voices, not for the testimonial or communicative content of what was to be said.”

“If the government tells you to say ‘OK Google’ so that the computer will recognize your voice, it is not making you communicate your thoughts – you are not testifying about anything,” Kerr said.

Similarly, law enforcement recently requested to enter a property and asked the people inside to provide their fingerprints, under the cause that since it is bodily information, it is not testimonial and therefore not protected by the Fifth Amendment.

According to Marina Medvin of Medvin Law, the act of giving away your passcode or any form of login is self-incriminating.

“To say there is no expectation of privacy in locking your life up with the most fool-proof key imaginable, your individualized biometrics, is a slap in the face to the entire concept of privacy,” Medvin said.

Users can simply deactivate Trusted Voice on their Android device either during setup or afterwards by going to the voice settings and switching off the ‘OK Google’ option.

Article Topics

Android  |  biometrics  |  Google  |  privacy  |  voice recognition