Emerging Threats in Internet of Things Voice Services

In this study, we conduct an empirical analysis of interpretation errors made by Amazon Alexa, the speech-recognition engine that powers the Amazon Echo family of devices. We show how common misinterpretations made by Alexa can be used to build a new class of attacks, called skill squatting attacks, and discuss its security implications.

[1]  Wouter Joosen,et al.  Soundsquatting: Uncovering the Use of Homophones in Domain Squatting , 2014, ISC.

[2]  Nan Zhang,et al.  Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[3]  Chris Kanich,et al.  It's All in the Name: Why Some URLs are More Vulnerable to Typosquatting , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[4]  Chris Kanich,et al.  The Long "Taile" of Typosquatting Domain Names , 2014, USENIX Security Symposium.

[5]  Deepak Kumar,et al.  Skill Squatting Attacks on Amazon Alexa , 2018, USENIX Security Symposium.

[6]  Aziz Mohaisen,et al.  The Landscape of Domain Name Typosquatting: Techniques and Countermeasures , 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).