A Survey on Amazon Alexa Attack Surfaces

by   Yanyan Li, et al.

Since being launched in 2014, Alexa, Amazon's versatile cloud-based voice service, is now active in over 100 million households worldwide. Alexa's user-friendly, personalized vocal experience offers customers a more natural way of interacting with cutting-edge technology by allowing the ability to directly dictate commands to the assistant. Now in the present year, the Alexa service is more accessible than ever, available on hundreds of millions of devices from not only Amazon but third-party device manufacturers. Unfortunately, that success has also been the source of concern and controversy. The success of Alexa is based on its effortless usability, but in turn, that has led to a lack of sufficient security. This paper surveys various attacks against Amazon Alexa ecosystem including attacks against the frontend voice capturing and the cloud backend voice command recognition and processing. Overall, we have identified six attack surfaces covering the lifecycle of Alexa voice interaction that spans several stages including voice data collection, transmission, processing and storage. We also discuss the potential mitigation solutions for each attack surface to better improve Alexa or other voice assistants in terms of security and privacy.


page 1

page 2

page 3

page 4


Using Amazon Alexa APIs as a Source of Digital Evidence

With the release of Amazon Alexa and the first Amazon Echo device, the c...

NUANCE: Near Ultrasound Attack On Networked Communication Environments

This study investigates a primary inaudible attack vector on Amazon Alex...

Towards Usable Parental Control for Voice Assistants

Voice Personal Assistants (VPA) have become a common household appliance...

Your Echos are Heard: Tracking, Profiling, and Ad Targeting in the Amazon Smart Speaker Ecosystem

Smart speakers collect voice input that can be used to infer sensitive i...

An Analysis of Amazon Echo's Network Behavior

With over 20 million units sold since 2015, Amazon Echo, the Alexa-enabl...

Intelligent Virtual Assistant knows Your Life

In the IoT world, intelligent virtual assistant (IVA) is a popular servi...

Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems

We propose a new class of signal injection attacks on microphones by phy...

Please sign up or login with your details

Forgot password? Click here to reset