Manipulating Users’ Trust on Amazon Echo: Compromising Smart Home from Outside

Chen, Yuxuan and Yuan, Xuejing and Wang, Aohui and Chen, Kai and Zhang, Shengzhi and Huang, Heqing (2020) Manipulating Users’ Trust on Amazon Echo: Compromising Smart Home from Outside. EAI Endorsed Transactions on Security and Safety, 6 (22). e3. ISSN 2032-9393

[thumbnail of eai.13-7-2018.163924.pdf]
Available under License Creative Commons Attribution No Derivatives.

Download (2MB) | Preview


Nowadays, voice control becomes a popular application that allows people to communicate with their devices more conveniently. Amazon Echo, designed around Alexa, is capable of controlling devices, e.g., smart lights, etc. Moreover, with the help of IFTTT (if-this-then-that) service, Amazon Echo’s skill set gets improved significantly. However, people who are enjoying these conveniences may not take security into account. Hence, it becomes important to carefully scrutinize the Echo’s voice control attack surface and the corresponding impacts. In this paper, we proposed MUTAE (Manipulating Users’ Trust on Amazon Echo) attack to remotely compromise Echo’s voice control interface. We also conducted security analysis and performed taxonomy based on different consequences considering the level of trust that users have placed on Echo. Finally, we also proposed mitigation techniques that protect Echo from MUTAE attack.

Item Type: Article
Uncontrolled Keywords: Internet of Things (IoT) security, Mobile and wireless security, Security of cyber-physical systems
Subjects: H Social Sciences > H Social Sciences (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
QA75 Electronic computers. Computer science
Depositing User: EAI Editor IV
Date Deposited: 26 Mar 2021 14:01
Last Modified: 26 Mar 2021 14:01

Actions (login required)

View Item
View Item