The Burger King Hack: How Advertisers are Blowing Past Internet Safety Protocols

In October 2016, Internet of Things (IoT) device users experienced a shutdown. Sites like Netflix, Spotify and Twitter were unavailable across the country and no one knew why. The public later learned that the DNS service provider, DYN, had been the victim of a DDoS attack. What was hacker's choice of weapon? User IoT devices.

IoT technology is championed as a way to simplify daily life. Be it knowing when to buy milk or making sure the babysitter hasn't invited an unexpected guest over, IoT devices allow users to monitor, collaborate and work between devices.

To make things even easier, companies like Google and Amazon have created cloud-based personal assistants that can tell you about the weather, play your favorite TV show and track your appointments, among other things. To use the personal assistant, all users have to do is give a voice command.

It was only a matter of time before someone would learn how to cut through the voice-recognition technology to use it for an ulterior motive. Was it a cybercriminal? Not exactly, though the actions of the perpetrator could be likened to that of one: it was fast food chain Burger King.

A Whopping Mess
As part of a new marketing campaign, Burger King aired commercials during the late-night talk show broadcasts of Jimmy Kimmel Live and the Tonight Show with Jimmy Fallon that featured a Burger King employee who says, "Okay, Google: What is the Whopper burger?" Ordinarily, having an actor ask an innocuous question on a commercial does nothing. However, Burger King managed to bypass Google's systems and command Google Home assistants to answer what a whopper burger is.

The commercial was not well-received by the public, with one irate Google Home user commenting, "When you take over someones [sic.] phone or tablet and have it do your own remote commands intentionally, you are HACKING."

If a well-established fast food corporate company is willing to forego tech etiquette and breach user software, is it really so hard to believe that a cybercriminal wouldn't set about doing the same exact thing?

A Whopper of a Threat
Though Burger King's ad did not cause financial harm to user Google Homes, it did raise a red flag: if advertisers can breach these systems, so can cybercriminals. This means that cybercriminals could potentially have your personal assistant share private cloud data simply by asking the personal assistant. Imagine that you use a cloud-based personal assistant in your small business. All of your clients' personal information is stored there, including their bank account information, birthdates and SSNs. With one verbalized question, a hacker could steal that information, leaving your business to suffer the exorbitant financial costs of the breach. It's for reasons like this that you must invest in cyber breach insurance.

Cyber breach insurance covers your business should you experience-you guessed it: a data breach. The insurance coverage includes payments for the return of the data, removing malicious software from your server and covering litigation costs should those affected by the breach decide to take you to court.

Think about it: if it was this easy for Burger King to bypass Google safety standards, it certainly will be for an experienced hacker.

To find a cyber breach plan that works for you and your budget, visit CyberPolicy today.

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375