A first look into Alexa’s interaction security
Document typeConference report
PublisherAssociation for Computing Machinery (ACM)
Rights accessOpen Access
European Commission's projectETOX - Integrating bioinformatics and chemoinformatics approaches for the development of expert systems allowing the in silico prediction of toxicities (EC-FP7-115002)
With a rapidly increasing market of millions of devices, the intelligent virtual assistants (IVA) have become a new vector available to exploit security breaches. In this work we approach the third revision of the Amazon Echo ecosystem's device Alexa from a security perspective, focusing our efforts on the interaction between the user and the device. We found the client-server communications to be robust using encryption, but studying the voice message recognition system we discovered a method to execute voice commands remotely, a feature not available by default. This method could be used against the user if an attacker manages to perform a session hijacking attack on the web or mobile clients.
CitationCastell, I. [et al.]. A first look into Alexa’s interaction security. A: International Conference on Emerging Networking Experiments and Technologies. "CoNEXT’19 Companion: proceedings of the 15th International Conference on emerging Networking EXperiments and Technologies: December 9-12, 2019, Orlando, FL, USA". New York: Association for Computing Machinery (ACM), 2019, p. 4-6.
All rights reserved. This work is protected by the corresponding intellectual and industrial property rights. Without prejudice to any existing legal exemptions, reproduction, distribution, public communication or transformation of this work are prohibited without permission of the copyright holder