Security

Amazon Alexa Security Risk Allows Hackers to Take Over Voice Commands, Steal Private Information

New Threat Called "Skill Squatting" Discovered by UIUC

The world is changing and in the modern era, we are becoming reliant on our Internet of Things devices by the day. But this reliances could cost us everything, it could allow someone to steal our identity, bank information, medical history, and what not.

Amazon Alexa has been criticised for having a number of security flaws but Amazon has been quick to deal with them. However, this new security flaw may not have a fix at all. And this could be the most dangerous security threat yet.

According to research conducted by the University of Illinois at Urbana-Champaign (UIUC), Amazon Alexa’s idiosyncrasies can be exploited through voice-commands to route users to malicious websites. Hackers are targeting the loopholes in machine learning algorithms to access private information.

A method called “Skill squatting” is created by the University of Illinois at Urbana-Champaign researchers and is a successful method to trick Amazon Alexa into routing users to malicious platforms using voice commands on Amazon Echo devices.

Many users frequently mispronounce words which often results in interpretations errors by Alexa, the speech engine powering Amazon Echo. Researchers used 11,460 speech samples from the English language words spoken by Americans.

They then studied where Alexa misinterpreted voice commands, how often it does it, and why. They were able to find that certain misinterpretations occur regularly.

So using “Skill squatting,” a hacker can use these systematic errors to route Amazon Echo users to malicious applications, websites, and risk their private information. The method can be used to target certain demographics, especially, those who aren’t fluent in English.

In a variant of the attack we call spear skill squatting, we further demonstrate that this attack can be targeted at specific demographic groups. We conclude with a discussion of the security implications of speech interpretation errors, countermeasures, and future work.

The issue may not be an easy fix as it depends on the very machine learning principles Alexa and other AI machines are built on. Amazon claims it has measures in place to counter this issue but University of Illinois research says otherwise.

They claim that this won’t be an easy fix and would bring serious issues in the future.

Close