Using Amazon Alexa APIs as a Source of Digital Evidence

06/15/2020
by   Clemens Krueger, et al.
0

With the release of Amazon Alexa and the first Amazon Echo device, the company revolutionised the smart home. It allowed their users to communicate with, and control, their smart home ecosystem purely using voice commands. However, this also means that Amazon processes and stores a large amount of personal data about their users, as these devices are always present and always listening in peoples' private homes. That makes this data a valuable source of evidence for investigators performing digital forensics. The Alexa Voice Service uses a series of APIs for communication between clients and the Amazon cloud. These APIs return a wide range of data related to the functionality of the device used. The first goal of this research was to clarify exactly what kind of information about the user is stored and accessible through these APIs. To do this, a combination of literature review and exploratory analysis was used to establish a list of all relevant APIs. Then, possible artefacts and conclusions to be drawn from their responses were identified and presented. Lastly, the perspective of the users was taken, and options for improving their privacy were reviewed. Specifically, the history of interaction between the user and Alexa is available through multiple APIs, and there are several options to delete it. It was determined that these options have different behaviours and that most of them do not remove all data related to user interaction.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset