The University of Southampton
University of Southampton Institutional Repository

Private data harvesting on Alexa using third-party skills

Springer
Corbett, Jack
a7e73d56-d205-4e88-bd0c-1055ee80a2ae
Karafili, Erisa
f5efa31c-22b8-443e-8107-e488bd28918e

Corbett, Jack and Karafili, Erisa (2021) Private data harvesting on Alexa using third-party skills. In 4th International Workshop on Emerging Technologies for Authorization and Authentication (ETAA) @ESORICS2021. Springer. (In Press)

Record type: Conference or Workshop Item (Paper)

Abstract

We are currently seeing an increase in the use of voice assistants which are used for various purposes. These assistants have a wide range of inbuilt functionalities with the possibility of installing third-party applications. In this work, we will focus on analyzing and identifying vulnerabilities that are introduced by these third-party applications. In particular, we will build third-party applications (called Skills) for Alexa, the voice assistant developed by Amazon. We will analyze existing exploits, identify accessible data and propose an adversarial framework that deceives users into disclosing private information. For this purpose, we developed four different malicious Skills that harvest different pieces of private information from users. We perform a usability analysis on the Skills and feasibility analysis on the publishing pipeline for one of the Skills.

More information

Accepted/In Press date: 5 September 2021

Identifiers

Local EPrints ID: 451738
URI: http://eprints.soton.ac.uk/id/eprint/451738
PURE UUID: 08e1eb38-efa8-47ad-b78f-a4ba37255be6
ORCID for Erisa Karafili: orcid.org/0000-0002-8250-4389

Catalogue record

Date deposited: 25 Oct 2021 16:30
Last modified: 14 Mar 2024 03:16

Contributors

Author: Jack Corbett
Author: Erisa Karafili
