Article 3XV38 Researchers show Alexa “skill squatting” could hijack voice commands

Researchers show Alexa “skill squatting” could hijack voice commands

by
Sean Gallagher
from Ars Technica - All content on (#3XV38)
Echo-Plus-Black-800x720.jpg

Enlarge (credit: Amazon)

The success of Internet of Things devices such as Amazon's Echo and Google Home have created an opportunity for developers to build voice-activated applications that connect ever deeper-into customers' homes and personal lives. And-according to research by a team from the University of Illinois at Urbana-Champaign (UIUC)-the potential to exploit some of the idiosyncrasies of voice-recognition machine-learning systems for malicious purposes has grown as well.

Called "skill squatting," the attack method (described in a paper presented at USENIX Security Symposium in Baltimore this month) is currently limited to the Amazon Alexa platform-but it reveals a weakness that other voice platforms will have to resolve as they widen support for third-party applications. Ars met with the UIUC team (which is comprised of Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Assistant Professor Adam Bates, and Professor Michael Bailey) at USENIX Security. We talked about their research and the potential for other threats posed by voice-based input to information systems.

Its master's voice

There have been a number of recent demonstrations of attacks that leverage voice interfaces. In March, researchers showed that, even when Windows 10 is locked, the Cortana "assistant" responds to voice commands-including opening websites. And voice-recognition-enabled IoT devices have been demonstrated to be vulnerable to commands from radio or television ads, YouTube videos, and small children.

Read 12 remaining paragraphs | Comments

index?i=ZVT-ul5EmQI:QQHPzCgQykI:V_sGLiPB index?i=ZVT-ul5EmQI:QQHPzCgQykI:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments