Since being launched in 2014, Alexa, Amazon’s versatile cloud-based voice
service, is now active in over 100 million households worldwide. Alexa’s
user-friendly, personalized vocal experience offers customers a more natural
way of interacting with cutting-edge technology by allowing the ability to
directly dictate commands to the assistant. Now in the present year, the Alexa
service is more accessible than ever, available on hundreds of millions of
devices from not only Amazon but third-party device manufacturers.
Unfortunately, that success has also been the source of concern and
controversy. The success of Alexa is based on its effortless usability, but in
turn, that has led to a lack of sufficient security. This paper surveys various
attacks against Amazon Alexa ecosystem including attacks against the frontend
voice capturing and the cloud backend voice command recognition and processing.
Overall, we have identified six attack surfaces covering the lifecycle of Alexa
voice interaction that spans several stages including voice data collection,
transmission, processing and storage. We also discuss the potential mitigation
solutions for each attack surface to better improve Alexa or other voice
assistants in terms of security and privacy.
Go to Source of this post
Author Of this post: <a href="http://arxiv.org/find/cs/1/au:+Li_Y/0/1/0/all/0/1">Yanyan Li</a>, <a href="http://arxiv.org/find/cs/1/au:+Kim_S/0/1/0/all/0/1">Sara Kim</a>, <a href="http://arxiv.org/find/cs/1/au:+Sy_E/0/1/0/all/0/1">Eric Sy</a>