One of the best ways to do this is by installing rogue mobile applications onto a wireless device, in such a covert way that even the end user will not be aware that it is has been installed. In fact, these kinds of mobile applications are created in such a way that they look like the real thing. So, even the end user who keeps track of what is being installed onto their respective Smartphone device will even be spoofed in thinking that rogue mobile app is authentic and safe to use. But, it is important to note that it is not just the Smartphone which is the cross hairs of the Cyber attacker, all of the associated applications that come with it are also being targeted. One such application is that of the Virtual Personal Assistant. This is a tool which allows you to make your everyday life more convenient by having a central place in which you can get your queries answered. As it was illustrated in the last article, a typical example of this is Google Maps. Through the mobile app, you can either speak in or type into your Smartphone the destination that you want to go to. Through the use of the Global Positioning System (GPS) technology, Google Maps can pinpoint the exact location that you are at, and from there, calculate the most optimal route to get to your destination. The main engine which drives the Virtual Personal Assistant is that of Artificial Intelligence (also known as “AI”). Essentially, this is an extremely sophisticated software package which tries to mimic the human thought and decision-making process over a certain period. Because of the incorporation of this technology the Virtual Personal Assistant (also known as the “VPA”) is now literally fast becoming our very own assistant, with the main intention of helping us in every aspect of our daily lives. For instance, based on the mannerisms and behavioral traits that the VPA has learned about a particular end user, it can recommend and assist with anything from recommending which meal you should cook to what your next travel destination should be. There has been an explosion into the marketplace of many types and kinds of Virtual Personal Assistants, but the most prevalent ones are:

Siri -designed for the iPhone and the iOS Operating System; Google Now -designed for the Android Operating System, and any Smartphones which use it (such as Samsung) Cortana -designed for the Windows 10 Operating System and the Windows Mobile device.

But despite how much more convenient the Virtual Personal Assistant has become to use, just like any other piece of technology, it too is prone to its fair share of Security threats and vulnerabilities (as eluded to in the last article), which is the primary focal point of this article.

In summary, this article has examined some of the major Security vulnerabilities which are posed by the Virtual Personal Assistant. It should be noted that a bulk of these threats arise from asking the VPA normal queries. But, these can be considered more as “hidden” Security threats rather than direct ones. For example, with the case of the recorded conversations, any attack may not be realized until a much later in point in time. In these cases, the recording may just reside either in a Physical or Virtual Server for an extended period until a Cyber attacker decides to attack it directly with other malicious intentions that he or she may have in mind (in this case, the recorded queries will receive just an indirect “bonus”). In other words, it is still difficult at this point to quantify the level of these kinds of attacks against a Virtual Personal Assistant, as its usage is still so new to both individuals as well as businesses and corporations. But, if a Virtual Personal Assistant is being used to automate the online shopping process for an end user, then the Security threats which are posed to it can be considered to be direct in nature. The primary reason for this is that any loss or damage incurred by the individual or business /corporation can be quantified regarding real financial numbers. But apart from these losses, any Security breaches occurred in these situations can lead to even graver consequences, as any information or data stolen (such as credit card information hijacked from a Virtual Personal Assistant) here can even be used to launch Identity Theft attacks. Our next article will continue to examine the Security threats to and from Virtual Personal Assistants, both from technical and non-technical standpoints. http://www.cbronline.com/news/cybersecurity/data/siri-ous-security-risks-virtual-assistants-no-laughing-matter/ http://www.pandasecurity.com/mediacenter/mobile-security/digital-assistants-secrets/ https://nakedsecurity.sophos.com/2017/01/27/data-privacy-day-know-the-risks-of-amazon-alexa-and-google-home/ https://www.scmagazineuk.com/apple-admits-siri-shares-data-with-third-parties/article/537390/ https://virtualagentchat.com/2015/11/18/the-risk-of-virtual-personal-assistants-as-gatekeepers/ https://www.theguardian.com/technology/2016/may/26/amazon-echo-virtual-assistant-child-privacy-law https://www.wired.com/2015/10/this-radio-trick-silently-hacks-siri-from-16-feet-away/ http://www.red5security.com/index_36_1224411244.pdf https://hackinparis.com/data/slides/2015/lopes_esteves_kasmi_you_dont_hear_me.pdf https://www.theregister.co.uk/2015/03/13/cortana_on_ios_android_microsoft/