A first look into Alexa's interaction security

Castell-Uroz, Ismael; Marrugat-Plaza, Xavier; Solé-Pareta, Josep; Barlet‐Ros, Pere

doi:10.1145/3360468.3366769

Cited by 4 publications

(4 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Privacy was found to be the biggest concern of the three [ 14 ]. These findings appear to conflict with those presented by Lau et al [ 21 ]; however, the construction of the surveys was different, as privacy was the primary goal of the study. Moreover, Burbach et al [ 11 ] wrote their study a year later; a year in which several news stories broke in the media regarding privacy concerns of VAs, which may account for the apparent increase in concern over privacy.…”

Section: Discussioncontrasting

confidence: 81%

See 1 more Smart Citation

On the Security and Privacy Challenges of Virtual Assistants

Bolton

Dargahi

Belguith

et al. 2021

Sensors

View full text Add to dashboard Cite

Since the purchase of Siri by Apple, and its release with the iPhone 4S in 2011, virtual assistants (VAs) have grown in number and popularity. The sophisticated natural language processing and speech recognition employed by VAs enables users to interact with them conversationally, almost as they would with another human. To service user voice requests, VAs transmit large amounts of data to their vendors; these data are processed and stored in the Cloud. The potential data security and privacy issues involved in this process provided the motivation to examine the current state of the art in VA research. In this study, we identify peer-reviewed literature that focuses on security and privacy concerns surrounding these assistants, including current trends in addressing how voice assistants are vulnerable to malicious attacks and worries that the VA is recording without the user’s knowledge or consent. The findings show that not only are these worries manifold, but there is a gap in the current state of the art, and no current literature reviews on the topic exist. This review sheds light on future research directions, such as providing solutions to perform voice authentication without an external device, and the compliance of VAs with privacy regulations.

show abstract

Section: Discussioncontrasting

confidence: 81%

“…Javed et al [ 21 ] performed an in-depth study of what Alexa was recording. AlthoughAmazon claims that ‘she’ only listens when the wake-word is uttered by the user, their research found that among the control group of users, 91% had experienced an unwanted recording.…”

Section: Discussionmentioning

confidence: 99%

On the Security and Privacy Challenges of Virtual Assistants

Bolton

Dargahi

Belguith

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…Another study to highlight security issues of voice assistants was conducted by Castell-Uroz et al [64], who analyzed the servers and services that Amazon Alexa has daily access. From this process, it emerged that when a voice assistant communicates with a service at the user's command and uses the http protocol, it is not difficult for someone to access the data sent to Amazon servers.…”

Section: Voice Assistants' Privacy and Securitymentioning

confidence: 99%

Untitled

2021

JESTR

View full text Add to dashboard Cite

“…Recently, a number of commercial IoT security tools and applications have entered the consumer market which enable device identification and network destination analysis, although they do not provide analysis of voice activations in smart speakers [20,21]. In [22], the authors attempted remote voice command execution and session hijacking attacks on the Alexa devices. Their findings highlight some security vulnerabilities in these devices.…”

Section: Related Workmentioning

confidence: 99%

When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers

Dubois

Kolcun

Mandalari

et al. 2020

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Internet-connected voice-controlled speakers, also known as smart speakers, are increasingly popular due to their convenience for everyday tasks such as asking about the weather forecast or playing music. However, such convenience comes with privacy risks: smart speakers need to constantly listen in order to activate when the “wake word” is spoken, and are known to transmit audio from their environment and record it on cloud servers. In particular, this paper focuses on the privacy risk from smart speaker misactivations, i.e., when they activate, transmit, and/or record audio from their environment when the wake word is not spoken. To enable repeatable, scalable experiments for exposing smart speakers to conversations that do not contain wake words, we turn to playing audio from popular TV shows from diverse genres. After playing two rounds of 134 hours of content from 12 TV shows near popular smart speakers in both the US and in the UK, we observed cases of 0.95 misactivations per hour, or 1.43 times for every 10,000 words spoken, with some devices having 10% of their misactivation durations lasting at least 10 seconds. We characterize the sources of such misactivations and their implications for consumers, and discuss potential mitigations.

show abstract

A first look into Alexa's interaction security

Cited by 4 publications

References 1 publication

On the Security and Privacy Challenges of Virtual Assistants

On the Security and Privacy Challenges of Virtual Assistants

Untitled

When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers

Contact Info

Product

Resources

About