{"title":"Manipulating Users' Trust on Amazon Echo: Compromising Smart Home from Outside","authors":"Yuxuan Chen, Xuejing Yuan, Aohui Wang, Kai Chen, Shengzhi Zhang, Heqing Huang","doi":"10.4108/eai.13-7-2018.163924","DOIUrl":null,"url":null,"abstract":"Nowadays, voice control becomes a popular application that allows people to communicate with their devices more conveniently. Amazon Echo, designed around Alexa, is capable of controlling devices, e.g., smart lights, etc. Moreover, with the help of IFTTT (if-this-then-that) service, Amazon Echo’s skill set gets improved significantly. However, people who are enjoying these conveniences may not take security into account. Hence, it becomes important to carefully scrutinize the Echo’s voice control attack surface and the corresponding impacts. In this paper, we proposed MUTAE (Manipulating Users’ Trust on Amazon Echo) attack to remotely compromise Echo’s voice control interface. We also conducted security analysis and performed taxonomy based on different consequences considering the level of trust that users have placed on Echo. Finally, we also proposed mitigation techniques that protect Echo from MUTAE attack. Received on 29 March 2020; accepted on 02 April 2020; published on 07 April 2020","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"EAI Endorsed Trans. Security Safety","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/eai.13-7-2018.163924","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
Nowadays, voice control becomes a popular application that allows people to communicate with their devices more conveniently. Amazon Echo, designed around Alexa, is capable of controlling devices, e.g., smart lights, etc. Moreover, with the help of IFTTT (if-this-then-that) service, Amazon Echo’s skill set gets improved significantly. However, people who are enjoying these conveniences may not take security into account. Hence, it becomes important to carefully scrutinize the Echo’s voice control attack surface and the corresponding impacts. In this paper, we proposed MUTAE (Manipulating Users’ Trust on Amazon Echo) attack to remotely compromise Echo’s voice control interface. We also conducted security analysis and performed taxonomy based on different consequences considering the level of trust that users have placed on Echo. Finally, we also proposed mitigation techniques that protect Echo from MUTAE attack. Received on 29 March 2020; accepted on 02 April 2020; published on 07 April 2020
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
