If I understand correctly how this works: There is a small always-on low-power core that is recording everything to a small buffer and doing a small amount of signal processing to see if there's a reasonable chance that you've said the activation phrase. When it detects this trigger, it wakes up the main core, which grabs the buffer and does some more complex signal processing to see if you *really* (or, at least, with much higher probability) said the activation phrase. If so, it's then forwarded to the thing that processes the command.
If the code on the main core doesn't have microphone access, the core is still woken up, but then the process that tries to check if you really said the activation phrase fails because it can't access the microphone.
There's probably an interesting side channel where a malicious version could (assuming the low-power core doesn't hardcode 'Okay Google') rapidly program different activation phrases to get a reasonably high probability of whether specific things are said.
David Chisnall (*Now with 50% more sarcasm!*)
npub13g…dk50d
2026-05-01 09:44:03 UTC
in reply to nevent1q…02wy
Author Public Key
npub13gcwraghdcw9xzkg3tky24feu0lzkhtlt57wpdn58y4m4tyr9qdsxdk50dSeen on
wss://relay.momostr.pinkPublished at
2026-05-01 09:44:03 UTCEvent JSON
{
"id": "bbb7cd20f1f455863f90f51afcb5f334d77229e4c50deed2159d64b3efbd9454",
"pubkey": "8a30e1f5176e1c530ac88aec455539e3fe2b5d7f5d3ce0b674392bbaac83281b",
"created_at": 1777628643,
"kind": 1,
"tags": [
[
"e",
"a38da3465b4156ee957c25900302f619b4e186bc0cbba786cbce9f3a4767a8d3",
"",
"root",
"b3f35066b1b69e67300de32779af6e3863de9e091a2ba0bab2ed6583a00b8b10"
],
[
"proxy",
"https://infosec.exchange/@david_chisnall/116498670807142990",
"web"
],
[
"p",
"b3f35066b1b69e67300de32779af6e3863de9e091a2ba0bab2ed6583a00b8b10"
],
[
"proxy",
"https://infosec.exchange/users/david_chisnall/statuses/116498670807142990",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/david_chisnall/statuses/116498670807142990",
"pink.momostr"
],
[
"-"
]
],
"content": "If I understand correctly how this works: There is a small always-on low-power core that is recording everything to a small buffer and doing a small amount of signal processing to see if there's a reasonable chance that you've said the activation phrase. When it detects this trigger, it wakes up the main core, which grabs the buffer and does some more complex signal processing to see if you *really* (or, at least, with much higher probability) said the activation phrase. If so, it's then forwarded to the thing that processes the command.\n\nIf the code on the main core doesn't have microphone access, the core is still woken up, but then the process that tries to check if you really said the activation phrase fails because it can't access the microphone.\n\nThere's probably an interesting side channel where a malicious version could (assuming the low-power core doesn't hardcode 'Okay Google') rapidly program different activation phrases to get a reasonably high probability of whether specific things are said.",
"sig": "01d1dfe8183ed7ece2adfdac1eb3168324d0e22ccc320b19dd854a3dbd6fa1592459d346568ed5313522c11d06f33aac4b1b4a5aa51fc0c8dbdb6314992070c8"
}