Biblio
Filters: Keyword is Amazon Alexa [Clear All Filters]
.
2021. Alexa in Phishingland: Empirical Assessment of Susceptibility to Phishing Pretexting in Voice Assistant Environments. 2021 IEEE Security and Privacy Workshops (SPW). :207—213.
This paper investigates what cues people use to spot a phishing email when the email is spoken back to them by the Alexa voice assistant, instead of read on a screen. We configured Alexa to read there emails to a sample of 52 participants and ask for their phishing evaluations. We also asked a control group of another 52 participants to evaluate these emails on a regular screen to compare the plausibility of phishing pretexting in voice assistant environments. The results suggest that Alexa can be used for pretexting users that lack phishing awareness to receive and act upon a relatively urgent email from an authoritative sender. Inspecting the sender (authority cue”) and relying on their personal experiences helped participants with higher phishing awareness to use Alexa towards a preliminary email screening to flag an email as potentially “phishing.”
.
2021. A Survey on Amazon Alexa Attack Surfaces. 2021 IEEE 18th Annual Consumer Communications Networking Conference (CCNC). :1–7.
Since being launched in 2014, Alexa, Amazon's versatile cloud-based voice service, is now active in over 100 million households worldwide [1]. Alexa's user-friendly, personalized vocal experience offers customers a more natural way of interacting with cutting-edge technology by allowing the ability to directly dictate commands to the assistant. Now in the present year, the Alexa service is more accessible than ever, available on hundreds of millions of devices from not only Amazon but third-party device manufacturers. Unfortunately, that success has also been the source of concern and controversy. The success of Alexa is based on its effortless usability, but in turn, that has led to a lack of sufficient security. This paper surveys various attacks against Amazon Alexa ecosystem including attacks against the frontend voice capturing and the cloud backend voice command recognition and processing. Overall, we have identified six attack surfaces covering the lifecycle of Alexa voice interaction that spans several stages including voice data collection, transmission, processing and storage. We also discuss the potential mitigation solutions for each attack surface to better improve Alexa or other voice assistants in terms of security and privacy.