Proceedings 2019 Network and Distributed System Security Symposium 2019
DOI: 10.14722/ndss.2019.23525
|View full text |Cite
|
Sign up to set email alerts
|

Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications

Abstract: Popular Voice Assistant (VA) services such as Amazon Alexa and Google Assistant are now rapidly appifying their platforms to allow more flexible and diverse voice-controlled service experience. However, the ubiquitous deployment of VA devices and the increasing number of third-party applications have raised security and privacy concerns. While previous works such as hidden voice attacks mostly examine the problems of VA services' default Automatic Speech Recognition (ASR) component, our work analyzes and evalu… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
26
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
5
1

Relationship

0
6

Authors

Journals

citations
Cited by 49 publications
(26 citation statements)
references
References 15 publications
0
26
0
Order By: Relevance
“…We highlight ways in which the backend code can be updated to trigger dormant intents, which can deceive users into giving up sensitive data -something that has not been previously discussed or demonstrated. Zhang et al [56] state that an attacker can swap backend audio files without providing concise details, whereas we demonstrate (by publishing a skill) how an attacker can register dormant intents of sensitive data types (Section V-C). We also showcase how an attacker can register skills using well-known developer names (e.g., Ring, Withings, Samsung) to deceive users into enabling phishing skills (Section V).…”
Section: Related Workmentioning
confidence: 83%
See 4 more Smart Citations
“…We highlight ways in which the backend code can be updated to trigger dormant intents, which can deceive users into giving up sensitive data -something that has not been previously discussed or demonstrated. Zhang et al [56] state that an attacker can swap backend audio files without providing concise details, whereas we demonstrate (by publishing a skill) how an attacker can register dormant intents of sensitive data types (Section V-C). We also showcase how an attacker can register skills using well-known developer names (e.g., Ring, Withings, Samsung) to deceive users into enabling phishing skills (Section V).…”
Section: Related Workmentioning
confidence: 83%
“…This attack is based on the observation that Alexa favors the longest matching skill name when processing voice commands. In another concurrent work, Zhang et al [56] design a linguistic-model-guided fuzzing tool to systematically discover the semantic inconsistencies in Alexa skills. They state that the developer controlled backend can be abused by the developer, for example by swapping legitimate audio files with malicious audio files.…”
Section: Related Workmentioning
confidence: 99%
See 3 more Smart Citations