1. 16
  1.  

  2. 35

    Really, BK is doing the world a huge favour with this one by pointing out how open to exploitation these devices are.

    1. 22

      I really don’t see how burger king are causing “an invasion of privacy”. I find it very odd people who are willingly having an always on microphone in their home are complaining about this.

      1. 5

        Isn’t it the all too common response that the security researchers get when they discover vulnerabilities?

        Blaming the messenger is the world’s favourite pastime.

        1. 5

          The alternative is to blame oneself for lack for diligence in deciding what device to purchase and how to configure it to be useful and secure.

          People have a tendency to demand extraordinary measures for their security when somebody can be made responsible for it but if they themselves have to be responsible i.e. putting on a seatbelt or driving safely, well we can’t have that.

          1. 2

            BK wasn’t simply the “messenger” here, they actively exploited it.

            Security researchers tend to avoid affecting actual users in cases like this (and still get screwed). While there wasn’t any “harm” done, this certainly wasn’t a good faith disclosure. IMO we shouldn’t equate the flak BK gets with the flak that security researchers get when they prove a vulnerability (or responsibly disclose one); they are very different situations.

          2. 3

            Society lives off of respect for others, beyond what’s physically prevented. It’s generally​ appreciated to not be rude

            If I live on the first floor of a building, people might be able to look in my apartment, but I still don’t want people to set bleachers and start selling popcorn.

          3. 16

            Ah, the joys of having an always-on microphone in your house that can perform all kinds of interesting activity without you personally actually giving it permission each time. That won’t go wrong in the future.

            1. 11

              Actually, Burger King has been in the news all week because of this stunt. That’s a lot of publicity for a commercial that only produced its intended effects for a day or so. Any publicity is good publicity, no?

              1. 4

                No question this helps BK in the long run.

                1. 3

                  Yeah I’m missing the part of the story where this “backfired”.

                  1. 2

                    “Nice description of.a vulnerability, but your report sucks, because it was blacklisted, and only worked for a day.” — said noone ever.

                    How did Google solve it? Just by blacklisting? BK’s now ought to transform their ad to get around the stupid filter!

                  2. [Comment removed by author]

                    1. 3

                      A term of service doesn’t magically allow you to take millions from other people’s wallet just because they sent a bunch of internet packets to your server…

                      1. 2

                        I agree. Using Wikipedia for advertising purposes is by far the most egregious breach of internet norms here. Anyone or anything being able to activate Google Home is a well-known feature/mistake, and is in fact its explicitly intended behavior, so BK hijacking it, while irritating, shouldn’t really come as a shock to anyone. Threatening Wikipedia’s impartiality, however, is genuinely new (AFAIK) and unintended, and that’s a little terrifying.

                      2. 4

                        Am I the only one who thought this was hilarious and well planned? Looks like it worked even better than expected.

                        The fake outrage has bought Burger King and the Whopper more media exposure than they could have paid for.

                        1. 3

                          Whether it was successful time will tell. Personally this caused irreversible brand damage both to BK and Google in my eyes.

                        2. 2

                          I would expect that those devices somehow are able to recognize, or at least trained to recognize, the owner or at least you can specify who to use. I suppose you cannot do that, because anyone can speak and be understood by the device.