Helpful Hackers: Sneaky AI Spies & Hackable Phones

August 3rd 2020



Arpitha Vinod


Alice Liu

You thought your Alexa had it all. She can play your favorite music, tell you the weather, deliver your news, control your home, and even hold an intriguing conversation, all on your voice’s command.

But have you ever thought about her evil and corrupt side? Just like people, your loved artificial intelligence (AI) devices can backstab and misunderstand you.

But fear not as LeafyPick, an audio spy detector for network-connected devices, is being developed to prevent and notify possible hacks and threats.

Ever since the coronavirus pandemic, people are staying home and relying on their home technologies, specifically virtual AI assistants like Alexa. Of course, there are multiple security risks associated with these Internet of Things (IOT) devices.

In the past, conversations with Alexa have been recorded and used as formal evidence in court cases. Alexa can monitor conversations, and third parties can have access to these recordings. Especially if Alexa is plugged in all the time in a house, every conversation, regardless if it was intended for Alexa or not , has the possibility of being recorded and sent to other organizations.

Alexa also keeps track of everything a person asks her, so all of this data is stored and can be used by Amazon for targeted advertisements and research purposes. Amazon and the companies it sells data to profit from all the information Alexas gather about the households she is a part of. Privacy is often something that people give up in exchange for all of the benefits Alexa and other voice assistant devices have to offer. Fortunately, LeakyPick is being developed with the main goal of notifying the user when these AI devices are snooping on the people around them.


LeakyPick gets its name from the fact that it detects the audio “leakage” of network-connected devices. It can tell when devices stream audio to the internet without the user’s knowledge or permission- leaked information. Since users are not usually aware of when or where their audio recordings end up, LeakyPick alerts the homeowners when their device is using and transmitting the audio. LeakyPick can currently do this job at 94% accuracy. Say goodbye to companies profiting off of your privacy thanks to LeakyPick, your helpful Alexa spy!

So how does LeakyPick do this? Well have you ever talked to someone else in the same room as your Alexa and she responded even though you were not talking to her? (I know right, read the room Alexa!) Well LeakyPick identified at least 86 wake words, which are false positive words that activate Alexa when the purpose was not to. These wake words cause Alexa to transmit unintended audio to the cloud, which means Alexa is listening and transmitting data a lot of the time even when it is not needed. LeakyPick identifies these words and instances when this occurs to notify the user their audio data was sent.

While this sneaky snitch is extremely helpful for privacy-conscious consumers, it is still currently a working prototype run by Raspberry Pi 3B connected by Ethernet to the network. LeakyPick detects network traffic by a TP-LINK TL-WN722N Wi-fi dongle which allows for all IOT devices within range to be connected to LeakyPick. Currently it is estimated to cost $40 and will be available for buying soon, but until then customers need to realize the severe security risks these AI devices can bring.