Abstract | ||
---|---|---|
With a rapidly increasing market of millions of devices, the intelligent virtual assistants (IVA) have become a new vector available to exploit security breaches. In this work we approach the third revision of the Amazon Echo ecosystem's device Alexa from a security perspective, focusing our efforts on the interaction between the user and the device. We found the client-server communications to be robust using encryption, but studying the voice message recognition system we discovered a method to execute voice commands remotely, a feature not available by default. This method could be used against the user if an attacker manages to perform a session hijacking attack on the web or mobile clients.
|
Year | DOI | Venue |
---|---|---|
2019 | 10.1145/3360468.3366769 | CoNEXT Companion |
Keywords | Field | DocType |
virtual assistant, voice interaction, intelligent device, online security | Internet privacy,Sociology | Conference |
ISBN | Citations | PageRank |
978-1-4503-7006-6 | 0 | 0.34 |
References | Authors | |
0 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ismael Castell-Uroz | 1 | 8 | 0.88 |
Xavier Marrugat-Plaza | 2 | 0 | 0.34 |
Josep Solé-Pareta | 3 | 0 | 0.68 |
Pere Barlet-ros | 4 | 269 | 27.74 |