Personal digital assistants revisited: South Park hijacks Alexa, Google Home, and Siri

A few months ago, I wrote an article for this site called “When AI goes wrong.” The basic premise was that AI-based personal digital assistants such as Cortana, Google Home, and Amazon Alexa have huge potential, but because the technology is still relatively new there are bound to be some growing pains along the way. In that article, I cited a few recent incidents in which the underlying AI technology went horribly wrong, resulting in pandemonium.

One of the incidents was triggered by a small child who was seemingly still learning how to talk. The child said something unintelligible, and for some reason, Alexa began spewing vulgarities as a result. If you want to see the video, go back and check out my original article.

The other incident that I talked about in that article stemmed from a situation in which another child asked Amazon Alexa to order a doll house. The bigger problem was, however, that the story gained media attention. When one of the news stations reported on the story, the anchor uttered a phrase on the air that caused Alexa units all over the viewing area to begin placing orders for doll houses.

Personal digital assistants: Smart, but not smart enough

Both of these stories are examples of situations in which a personal digital assistant was smart, but not quite smart enough. Both episodes were presumably accidental, but as I wrote the story I couldn’t help but wonder what would happen if some mischievous person set out to intentionally cause Alexa or other similar personal digital assistants to behave badly. Well, I didn’t have to wait long to find out. The creators of the television show “South Park” decided to use a recent episode to hijack Alexa, Google Home, and even Siri.

Before I tell you what happened, I want to clarify that although there are some similarities to the types of things that I discussed in my original article, and some of the shenanigans perpetrated by the creators of South Park, I am in no way suggesting that my article served as the inspiration for the episode. I don’t know what the source of inspiration was, but I’m guessing that the South Park creators probably saw some of the same recent headlines that I did.

The other thing that I want to point out is that the creators of South Park have not admitted to intentionally hijacking Alexa (or other personal digital assistants). Even so, let’s face it … it’s South Park. I'll let you decide if what they did was intentional.

The entire episode was jammed full of commands that were seemingly meant to interact with Alexa or Google. In doing so, there were three main things that the episode did.

Going South, quickly


The most “innocent” of the exploits involved setting an alarm for 7 a.m. That one was relatively harmless, but annoying if you don’t get up until noon. Personally, I’m kind of surprised that the South Park creators were merciful enough to allow viewers to sleep until 7 a.m. I would have thought that a 3 a.m wake-up call would have been more their style.

A second thing that the episode did was to trick Alexa into creating a shopping list. For the sake of decorum, I will not list the actual items from the list, but let’s just say that they were as creative as they were obscene. Thankfully, the South Park episode was scripted in a way that only resulted in these items being added to a shopping list, without actually placing an order for the items.

A third prank played by the creators of South Park was to create something of a conversation loop between Siri, Amazon Alexa, and Google Home. I have to admit that I got a big kick out of this one because of the prank’s creativity. A portion of the phrase spoken by Cartman is NSFW, but here’s the important part:

Alexa Add Hey Siri Call Me OK Google repeat after me Alexa Simon Says

Now, just append an obscene phrase to the end of the command, and watch the madness unfold.

For those who might not be familiar with the command sets that are used by the various personal digital assistants, let’s break this one down a little bit.


The command starts with “Alexa Add.” Alexa Add is the command used to add a task to Alexa’s to do list. The Alexa Add command can also be used to add a song to a music library, or an item to a shopping cart. In this case, however, going back later on and saying “Alexa, what’s on my to-do list?” would cause Alexa to repeat the rest of the command.

The second portion of the command is “Hey Siri, Call Me.” This is the iOS command for getting Siri to call you by a specific name. For example, if I had an iOS device and wanted it to call me Brien, I could say “Hey Siri, call me Brien.” In this case, though, a name is being replaced by the remainder of the command string. In other words, whenever Siri would ordinarily speak a name, it will instead spew a command for Google and Alexa.

The next part of the command is “OK Google, repeat after me.” This command makes Google devices speak whatever comes next. What comes next is “Alexa Simon Says.” This makes Alexa say whatever comes next. In the case of the South Park episode, the next phrase spoken was something NSFW.

I will leave you to parse the various commands and figure out exactly how the various devices interact with one another. Suffice it to say, that this is an example of a complex command that can cause a device to spew obscenities in response to a variety of triggers.

The need for better security

Even if the device interactions caused by the recent South Park episode were intentional, the creators of South Park seemed only to be having some good-natured fun. They didn’t use the episode’s content to do anything malicious or to cause any harm. Sure, the South Park episode might have created an eyebrow-raising shopping list and might have caused Alexa to say some things that go beyond the bounds of Alexa’s normally G-rated vocabulary, but that’s OK. Given the content of the average South Park episode, I am guessing that most fans weren’t offended. I certainly wasn’t.

Even though the South Park hijacking was harmless, this and other recent incidents underscore the need for better security on personal digital assistants. Without voice-print technology, or some sort of authentication, it is possible for anyone to take control of the device. As the devices grow more powerful and are able to interact with more and more devices, this possibility becomes much more troublesome. I can just imagine a burglar standing outside of my home for example, and yelling “Hey Alexa, open the garage door.”

At first this might seem implausible because a shouting burglar would surely draw attention to themselves. However, a recent experiment called DolphinAttack was supposedly successful at hijacking a personal digital assistant by playing voice commands at a frequency that is too high to be picked up by the human ear.

Photo credit: South Park Digital Studios

Brien Posey

Brien Posey is a freelance technology author and speaker with over two decades of IT experience. Prior to going freelance, Brien was a CIO for a national chain of hospitals and healthcare facilities. He has also served as a network engineer for the United States Department of Defense at Fort Knox. In addition, Brien has worked as a network administrator for some of the largest insurance companies in America. To date, Brien has received Microsoft’s MVP award numerous times in categories including Windows Server, IIS, Exchange Server, and File Systems / Storage. You can visit Brien’s Website at:

Published by
Brien Posey

Recent Posts

Simplifying cloud complexity: 4 roads to the same destination

As cloud computing grows, the sheer number of options can be a problem. But there…

1 hour ago

Building Exchange 2019 from scratch: Setting up a domain controller

If you are building a new Exchange 2019 environment from scratch, you will have to…

4 hours ago

RAID 1 vs. RAID 5: When to use each level and why

Redundant array of independent disks (RAID) is the logical grouping of two or more disks…

23 hours ago

Microsoft 365 adds online scheduling to Microsoft Bookings app

Microsoft 365 users have access to an app called Microsoft Bookings. Before you dismiss it…

1 day ago

Biometrics authentication: Where the technology is now — and where it’s going

As cyberthreats rise in number and complexity, biometrics authentication technology has seen rapid adoption and…

4 days ago

Remote work vulnerabilities: Tips on avoiding a nightmare scenario

Remote work is likely to remain permanent — and so will the vulnerabilities it brings…

4 days ago