This is why we need a fully opensource privacy minded voice assistant

And why you need to be very carefull with any of these always on / listening devices.

A bit lengthy to read, but this is why;

Recap: Peiple could have hacked your Google device and turning it into a wiretap accesable over the internet by just being in its wifi range to place the hack.


that’s because the security of these devices is purposefully weakened.
the number of folks that are capable of the following is vanishingly small:

  • Static analysis of the app that interfaces with the device (in this case, the “Google Home” Android app), e.g. using Apktool or JADX to decompile it
  • Dynamic analysis of the app during runtime, e.g. using Frida to hook Java methods and print info about internal state

even in the corporate world, finding people that have a deeper understanding of how asymmetric encryption (i.e. ssl) works is rare.

WPA2 has been cracked for a long time, but i suspect that these protocols and standards are purposefully weakened by influence from TLA’s.

In any event there’s no reason a similar attack couldn’t be carried out on the mycroft, as it does not support WPA3!!!

Select your WiFi from the list and enter your password. Press the “eye” icon to unhide the password text.
WPA2-Enterprise and WPA3 networks are not yet supported.

A device being released in 2023 should not be released at all without WPA3 support!!!


no reason WPA3 cant be supported, it is not supported in balena or the wifi setup that ships with dinkum, but can be setup manually already by network manager

I believe the on-screen setup from OVOS and Neon also supports it

1 Like