A Security Look at Voice-Based Assistants
Rapid developments in the field of artificial intelligence (AI) have resulted in a spate of new products and services. Without these advances, voice-based assistants like the Amazon Echo, Apple’s Siri, Microsoft’s Cortana, and others, could not exist. But just like too many other technologies of the past, voice-based assistants are being integrated into our daily lives without a complete understanding of the security risks they pose. In this presentation, attendees will be introduced to the security issues surrounding voice-based assistants with a particular focus on the Amazon Echo. Attendees will be given a high level overview of voice-based assistants and their evolving role as part of the Internet of Things (IoT). After a quick survey of the Amazon Echo family of products, there will be a discussion of the listening capabilities of voice-based assistants, which is currently the largest area of concern by those who are familiar with the technology. Included will be a discussion of a 2017 proof-of-concept attack where researchers were able to pwn an Echo and turn it into a covert snooping device. It is well known that the more popular a technology becomes, the more interest it receives from attackers. The presentation will introduce attendees to several successful attacks on the Amazon Echo, including one that allowed Chinese researchers to deliver remote commands to the Echo using frequencies not hearable by the human ear.