Abstract
Voice assistants are becoming increasingly pervasive due to the convenience and automation they provide through the voice interface. However, such convenience often comes with unforeseen security and privacy risks. For example, encrypted traffic from voice assistants can leak sensitive information about their users’ habits and lifestyles. In this paper, we present a taxonomy of fingerprinting voice commands on the most popular voice assistant platforms (Google, Alexa, and Siri). We also provide a deeper understanding of the feasi- bility of fingerprinting third-party applications and streaming services over the voice interface. Our analysis not only im- proves the state-of-the-art technique but also studies a more real-world setup for fingerprinting voice activities over en- crypted traffic. Our proposed technique considers a passive network eavesdropper observing encrypted traffic from var- ious devices within a home and, therefore, first detects the invocation/activation of voice assistants followed by what spe- cific voice command is issued. Using an end-to-end system design, we show that it is possible to detect when a voice assistant is activated with 99% accuracy and then utilize the subsequent traffic pattern to infer more fine-grained user ac- tivities with around 79% accuracy
Dilawer Ahmed
Phd Student
My research interests include distributed robotics, mobile computing and programmable matter.