Encrypted Traffic Analysis on Smart Speakers with Deep Learning

Kennedy, Sean M.

21 October 2019

No description available.

Computer Science

Encrypted Traffic Analysis

Smart Speaker

Security

Privacy

Deep Learning

Amazon Echo

Improving the Privacy, Usability, and Context-Awareness of Smart Speakers

Alrumayh, Abrar S., 0000-0003-2275-0729

January 2022

Smart speakers, such as the Amazon Echo or Google Home, have become ubiquitous in our daily lives due to their convenience, which offers interactive actions through the use of simple voice commands. These devices allow users to issue a wide range of commands for a variety of services. Users can ask in natural language questions about the weather, stock market, online shopping orders, and other general information. These devices can also be used to control lights, and heating systems, and set timers and alarms in the smart home. However, as smart speaker systems become more prevalent, new security and privacy, usability, and context awareness concerns will need to be explored and addressed. In this dissertation, we carry out the effort to understand and mitigate privacy leaks from third-party applications, improve usability testing using interactability metrics, and improve context-awareness in a multi-occupant home using background sounds. We first study the privacy risks resulting from smart speaker apps developed by third-party developers. Having a device permanently on and always listening led to concerns over user privacy. In addition, the use of the third-party app on smart speaker platforms introduces arguably more serious privacy risks than using only the platform's built-in apps, due to the open nature of the app marketplaces. We explore how an adversary can efficiently create a valid smart speaker app to eavesdrop on users. We developed three different strategies for implementing a malicious app. To mitigate this threat, we propose a strategy for users to limit the success of this adversary. We designed a measurement app to look at the effect of various environmental factors in the home impacting what the third party can hear, and therefore provide users with a recommendation to place their smart speaker in locations that limit the success of this adversary. Next, we propose the idea of an interactability score to quantify how well a smart speaker app can accept potentially different ways a user may express their commands. However, voice-generated input data creates many unpredictable test cases since there are many different ways of how someone will express the same intention. In addition, each third-party developer could implement their own voice commands, making it difficult for users to remember what commands a particular app can process. The architecture of current smart speaker apps further complicates the testing process since the app is hosted on the smart speaker platform as a black-box. Therefore, we develop a testing framework to automatically and systematically evaluate the interactability of the smart speaker applications. It measures how well an app has been implemented to accept different kinds of user interaction. We also focus on improving context-awareness access control for smart speakers. The convenience of these devices is tempered by the possibility of performing unintended or intended actions. At home, the device is usually placed in a fixed location and accessed by multiple people with complex relationships between them, and these complex relationships can lead to complex access control requirements, where the context factors and interpersonal relationships should play a significant role. We design a system to be run on a smart speaker that makes use of the sounds in the home to estimate the current state of the house, e.g. number of occupants, activities being engaged, social relation of occupants, etc. This context information is used to decide whether to execute the command, prompt for confirmation or reject the command entirely. We also designed a simple pictorial configuration utility to help non-expert users configure their access rules. / Computer and Information Science

Computer science

Context-awareness

Privacy

Security

Smart speaker

System design and evaluation

Usability

Understanding the Effects of Smart-Speaker Based Surveys on Panelist Experience in Immersive Consumer Testing

Soldavini, Ashley M.

22 July 2022

No description available.

Food Science

Smart-Speaker

Amazon Alexa

Consumer Testing

Immersive Testing

Engagement

Usability

Penetration testing of a smart speaker / Penetrationstestning av en smart högtalare

Nouiser, Amin

January 2023

Smart speakers are becoming increasingly ubiquitous. Previous research has studied the security of these devices; however, only some studies have employed a penetration testing methodology. Moreover, most studies have only investigated models by well-known brands such as the Amazon or Google. Therefore, there is a research gap of penetration tests on less popular smart speaker models. This study aims to address this gap by conducting a penetration test on the less popular JBL Link Music with firmware version 23063250. The results show that the speaker is subject to several security threats and is vulnerable to some attacks. The Bluetooth Low Energy implementation is vulnerable to passive eavesdropping. Additionally, the speaker is vulnerable to an 802.11 denial of service attack, and a boot log containing sensitive information can be accessed through a serial communication interface. It is concluded that the speaker is, in some aspects, insecure. / Smarta högtalare blir alltmer närvarande. Tidigare forskning har undersökt säkerheten kring dessa, dock har endast några använt en penetrerings testnings metolologi. Därutover har de flesta studier endast studerat modeller av välkända varumärken som Google eller Amazon. Därmed finns en vetenskaplig kunskapslucka kring penetrationstester av mindre populära modeller. Denna studie syftar till att bemöta denna lucka genom att utföra ett penetrationstest av den mindre populära JBL Link Music med mjukvaruversion 23063250. Resultaten visar att högtalaren är utsatt för flera säkerhetshot och är sårbar för några attacket. Bluetooth Low Energy implementationen är sårbar för passiv avlyssning. Därutöver är högtalaren sårbar för en 802.11 denial of service attack och en boot logg innehållande känslig information kan nås genom ett seriellt kommunikations gränssnitt. Slutsatsen dras att högtalaren, i vissa aspekter, är osäker.

Penetration testing

Ethical hacking

Smart speaker

Cybersecurity

Internet of Things

Penetrationstestning

Etisk hackning

Smart högtalare

Cybersäkerhet

Sakernas Internet

Computer and Information Sciences

Data- och informationsvetenskap

Structural changes in online retailing and the marketing mix: An analysis considering multichannel online retailing and voice dialog interfaces

Naujoks, Tobias

23 November 2020

The online retail environment is expanding, enhancing the possibilities for customers to shop online. On the one hand, a proliferation of online channels establishes a multichannel online retailing landscape, which offers customers more alternatives in terms of where to shop online. On the other hand, a change in the user interaction mode of existing customer touchpoints, from graphics to voice, creates new voice dialog interfaces, which enhance the way with regard to how customers can shop online. In this context, this publication-based dissertation aims to generate theoretical and practical contributions on these two most recent developments in online retailing, i.e., multichannel online retailing and voice dialog interfaces, to improve marketing mix decision-making.

info:eu-repo/classification/ddc/330

ddc:330