用户真的了解Alexa吗?了解Alexa技能安全指标

Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security Pub Date : 2023-07-10 DOI:10.1145/3579856.3595795

Yangyong Zhang, R. Vardhan, Phakpoom Chinprutthiwong, G. Gu

{"title":"用户真的了解Alexa吗?了解Alexa技能安全指标","authors":"Yangyong Zhang, R. Vardhan, Phakpoom Chinprutthiwong, G. Gu","doi":"10.1145/3579856.3595795","DOIUrl":null,"url":null,"abstract":"Amazon Alexa’s booming third-party skill market has grown from 160 to 100,000 skills within three years. In this work, we make the first effort in demystifying the Alexa skill permission system by studying its security indicators. Our user study results show that most of the surveyed Alexa users did not understand the security implications of interacting with third parties via Alexa’s voice user interface (VUI). Despite the potential risks of undesired resource sharing, more than two-thirds of the surveyed Alexa users considered third-party skills safe because they think these skills are Alexa- or Amazon-owned applications. Together with other uncovered deficiencies of skill security indicator designs, our study indicates a pressing need for a paradigm shift in designing security indicators for VUI systems.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Do Users Really Know Alexa? Understanding Alexa Skill Security Indicators\",\"authors\":\"Yangyong Zhang, R. Vardhan, Phakpoom Chinprutthiwong, G. Gu\",\"doi\":\"10.1145/3579856.3595795\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Amazon Alexa’s booming third-party skill market has grown from 160 to 100,000 skills within three years. In this work, we make the first effort in demystifying the Alexa skill permission system by studying its security indicators. Our user study results show that most of the surveyed Alexa users did not understand the security implications of interacting with third parties via Alexa’s voice user interface (VUI). Despite the potential risks of undesired resource sharing, more than two-thirds of the surveyed Alexa users considered third-party skills safe because they think these skills are Alexa- or Amazon-owned applications. Together with other uncovered deficiencies of skill security indicator designs, our study indicates a pressing need for a paradigm shift in designing security indicators for VUI systems.\",\"PeriodicalId\":156082,\"journal\":{\"name\":\"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security\",\"volume\":\"11 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-07-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3579856.3595795\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3579856.3595795","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

亚马逊Alexa蓬勃发展的第三方技能市场在三年内从160个技能增长到10万个技能。在这项工作中，我们通过研究其安全指标，首次努力揭开Alexa技能权限系统的神秘面纱。我们的用户研究结果显示，大多数被调查的Alexa用户不了解通过Alexa的语音用户界面(VUI)与第三方交互的安全影响。尽管存在不受欢迎的资源共享的潜在风险，但超过三分之二的受访Alexa用户认为第三方技能是安全的，因为他们认为这些技能是Alexa或亚马逊拥有的应用程序。与其他未发现的技能安全指标设计缺陷一起，我们的研究表明迫切需要在设计VUI系统安全指标时进行范式转变。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Do Users Really Know Alexa? Understanding Alexa Skill Security Indicators

Amazon Alexa’s booming third-party skill market has grown from 160 to 100,000 skills within three years. In this work, we make the first effort in demystifying the Alexa skill permission system by studying its security indicators. Our user study results show that most of the surveyed Alexa users did not understand the security implications of interacting with third parties via Alexa’s voice user interface (VUI). Despite the potential risks of undesired resource sharing, more than two-thirds of the surveyed Alexa users considered third-party skills safe because they think these skills are Alexa- or Amazon-owned applications. Together with other uncovered deficiencies of skill security indicator designs, our study indicates a pressing need for a paradigm shift in designing security indicators for VUI systems.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security

自引率

0.00%

发文量