Attacks and Defense on Voice-Controlled Devices
Some of the slides, figures and information are collected from the following paper: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-kumar.pdf
14. Brainstorm
How to design further attacks???
● Alexa makes mistakes
● Skills are the new apps
What could go wrong???
15. Skill Squatting Attacks on Amazon Alexa
Authors: Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, and Michael Bailey, University of Illinois, Urbana-Champaign
16. Skill
● Similar to a mobile app
● Third-party applications that leverage Alexa voice services
● Interacts with human voice
● Currently, 30000 skills are active on the Amazon website
27. Validating the Skill Squatting Attack
Split speakers into two sets: a “training” set and a “testing” set
For each word with a predictable error, we built two skills: the word, and the predictable error
Skill A: Wet
Skill B: What
Sent the testing set through to Alexa and observed how many times skill B was triggered instead of skill A
Successfully squatted 25 of 27 (93%) predictable errors at least once
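The split-and-measure procedure above, used from the defender's side, as an added example that is not from the slides or the paper: learn predictable errors from the training speakers, confirm them on the testing speakers, then flag a proposed skill name that equals the predictable error of an existing skill name. The observations, the 0.5 threshold and all function names are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data: (speaker, word spoken, word the recognizer returned).
OBS = [
    ("s1", "wet", "what"), ("s1", "wet", "what"), ("s2", "wet", "what"),
    ("s2", "wet", "wet"), ("s3", "wet", "what"), ("s4", "wet", "what"),
    ("s1", "coal", "coal"), ("s2", "coal", "call"),
    ("s3", "coal", "coal"), ("s4", "coal", "coal"),
]
TRAIN, TEST = {"s1", "s2"}, {"s3", "s4"}  # disjoint speaker sets


def predictable_errors(obs, speakers, threshold=0.5):
    """Map each spoken word to its most frequent wrong transcription when that
    transcription exceeds `threshold` of the samples (threshold is assumed)."""
    counts = defaultdict(Counter)
    for speaker, spoken, heard in obs:
        if speaker in speakers:
            counts[spoken][heard] += 1
    errors = {}
    for spoken, c in counts.items():
        wrong = [(n, heard) for heard, n in c.items() if heard != spoken]
        if wrong:
            n, heard = max(wrong)
            if n / sum(c.values()) > threshold:
                errors[spoken] = heard
    return errors


def holdout_rate(obs, speakers, spoken, heard):
    """Fraction of held-out utterances of `spoken` transcribed as `heard`."""
    samples = [h for s, w, h in obs if s in speakers and w == spoken]
    return samples.count(heard) / len(samples) if samples else 0.0


def colliding_skills(existing, candidate, errors):
    """Existing skill names whose predictable error equals `candidate`."""
    return sorted(n for n in existing if errors.get(n) == candidate)


if __name__ == "__main__":
    errs = predictable_errors(OBS, TRAIN)
    for spoken, heard in errs.items():
        print(spoken, "->", heard, holdout_rate(OBS, TEST, spoken, heard))
    for name in ("what", "call"):
        hits = colliding_skills(["wet", "coal"], name, errs)
        print(name, "REVIEW" if hits else "ok", hits)
```

A one-off slip such as the constructed "coal" heard as "call" stays below the threshold, so only the consistent "wet" to "what" error causes a name to be held for review.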
39. Takeaways
● New medium, same problems
○ “Typosquatting” in the land of IoT
● Opaque ML for decision making is still nascent
○ Interface quirks can and will be exploited to cause abuse
45. Some Other Interesting Defenses
1. Hearing Your Voice is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication
2. Hello, Is It Me You’re Looking For? Differentiating Between Human and Electronic Speakers for Voice Interface Security
3. ...