Smart Home Voice Assistants: A Literature Survey of User Privacy and Security Vulnerabilities

Complex Syst. Informatics Model. Q. Pub Date : 2020-10-30 DOI:10.7250/csimq.2020-24.02

Khairunisa Sharif, B. Tenbergen

{"title":"Smart Home Voice Assistants: A Literature Survey of User Privacy and Security Vulnerabilities","authors":"Khairunisa Sharif, B. Tenbergen","doi":"10.7250/csimq.2020-24.02","DOIUrl":null,"url":null,"abstract":"Intelligent voice assistants are internet-connected devices, which listen to their environment and react to spoken user commands in order to retrieve information from the internet, control appliances in the household, or notify the user of incoming messages, reminders, and the like. With their increasing ubiquity in smart homes, their application seems only limited by the imagination of developers, who connect these off-the-shelf devices to existing apps, online services, or appliances. However, since their inherent nature is to observe the user in their home, their ubiquity also raises concern of security and user privacy. To justify the trust placed into the devices, the devices must be secure from unauthorized access and the back-end infrastructure tasked with speech-to-text analysis, command interpretation, and connection to other services and appliances must maintain confidentiality of data. To investigate existing possible vulnerabilities, approaches to mitigate them, as well as general considerations in this emerging field, we supplement the findings of a recent study with results from a systematic literature review. We were able to compile a list of six main types of user privacy vulnerabilities, partially confirming previous findings, but also finding additional issues. We discuss these vulnerabilities, their associated attack vectors, and possible mitigations users can take to protect themselves.","PeriodicalId":416219,"journal":{"name":"Complex Syst. Informatics Model. Q.","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Complex Syst. Informatics Model. Q.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.7250/csimq.2020-24.02","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

Intelligent voice assistants are internet-connected devices, which listen to their environment and react to spoken user commands in order to retrieve information from the internet, control appliances in the household, or notify the user of incoming messages, reminders, and the like. With their increasing ubiquity in smart homes, their application seems only limited by the imagination of developers, who connect these off-the-shelf devices to existing apps, online services, or appliances. However, since their inherent nature is to observe the user in their home, their ubiquity also raises concern of security and user privacy. To justify the trust placed into the devices, the devices must be secure from unauthorized access and the back-end infrastructure tasked with speech-to-text analysis, command interpretation, and connection to other services and appliances must maintain confidentiality of data. To investigate existing possible vulnerabilities, approaches to mitigate them, as well as general considerations in this emerging field, we supplement the findings of a recent study with results from a systematic literature review. We were able to compile a list of six main types of user privacy vulnerabilities, partially confirming previous findings, but also finding additional issues. We discuss these vulnerabilities, their associated attack vectors, and possible mitigations users can take to protect themselves.

查看原文本刊更多论文

智能家居语音助手:用户隐私和安全漏洞的文献调查

智能语音助手是连接互联网的设备，它们倾听周围环境并对用户的口头命令作出反应，以便从互联网上检索信息，控制家庭中的电器，或通知用户收到的消息、提醒等。随着它们在智能家居中的日益普及，它们的应用似乎只受到开发人员想象力的限制，他们将这些现成的设备连接到现有的应用程序、在线服务或设备上。然而，由于它们的本质是观察用户在家中，它们的无处不在也引起了对安全和用户隐私的担忧。为了证明对设备的信任是正确的，设备必须是安全的，不受未经授权的访问，负责语音到文本分析、命令解释以及与其他服务和设备连接的后端基础设施必须保持数据的机密性。为了调查现有的可能的漏洞，减轻它们的方法，以及这个新兴领域的一般考虑，我们用系统文献综述的结果补充了最近一项研究的结果。我们能够编制出六种主要类型的用户隐私漏洞列表，部分证实了之前的发现，但也发现了其他问题。我们将讨论这些漏洞、它们相关的攻击向量，以及用户可以采取的可能的缓解措施来保护自己。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Complex Syst. Informatics Model. Q.

自引率

0.00%

发文量