Manipulating Users’ Trust on Amazon Echo: Compromising Smart Home from Outside

Authors

DOI:

https://doi.org/10.4108/eai.13-7-2018.163924

Keywords:

Internet of Things (IoT) security, Mobile and wireless security, Security of cyber-physical systems

Abstract

Nowadays, voice control becomes a popular application that allows people to communicate with their devices more conveniently. Amazon Echo, designed around Alexa, is capable of controlling devices, e.g., smart lights, etc. Moreover, with the help of IFTTT (if-this-then-that) service, Amazon Echo’s skill set gets improved significantly. However, people who are enjoying these conveniences may not take security into account. Hence, it becomes important to carefully scrutinize the Echo’s voice control attack surface and the corresponding impacts. In this paper, we proposed MUTAE (Manipulating Users’ Trust on Amazon Echo) attack to remotely compromise Echo’s voice control interface. We also conducted security analysis and performed taxonomy based on different consequences considering the level of trust that users have placed on Echo. Finally, we also proposed mitigation techniques that protect Echo from MUTAE attack.

Downloads

Published

07-04-2020

How to Cite

Chen, Y. ., Yuan, X. ., Wang, A. ., Chen, K. ., Zhang, S. ., & Huang, H. . (2020). Manipulating Users’ Trust on Amazon Echo: Compromising Smart Home from Outside. EAI Endorsed Transactions on Security and Safety, 6(22), e3. https://doi.org/10.4108/eai.13-7-2018.163924

Issue

Vol. 6 No. 22 (2020): EAI Endorsed Transactions on Security and Safety

Section

Research article

License

Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety

Creative Commons License

This work is licensed under a Creative Commons Attribution 3.0 Unported License.

This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 3.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.

Funding data