Are voice assistants smart enough to be secure?
TL, DR; In this post, I will introduce you our security study on voice assistant platforms (Amazon Echo and Google Home). This research reveals a set of attack scenarios for both platforms, along with several promising countermeasures to address those issues. For details, you can also see the research paper published on IEEE Security&Privacy 2019 (acceptance rate is 12%). The research has also won 3rd place in CSAW’19 Applied Research Competition (3 out of 80), which serves as a good recognition of both research and industrial values. In this post, you will learn:
- What are voice assistant platforms?
- Attack scenarios introduced in this paper: Voice Squatting and Voice Masquerading. Both attacks have been reported to the vendors before publishing the paper, and both vendors acknowledged the attacks.
- Detection and prevention techniques proposed in this study. The authors have shared their defense techniques with the vendors, and also filed a set of patents which belong to Indiana University Bloomington.
- Analysis of the fundamental issues of voice user interface, which make those attacks practical and inherent.
Voice Assistant Platforms
In recent years, voice assistant devices are getting increasingly popular, especially Amazon Echo and Google Home. Using those devices, users can carry out a set of tasks including playing music, controlling IoT devices, sending or receiving money, and…