Dangerous Skills - Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems

Explore the security vulnerabilities of virtual personal assistants (VPAs) like Amazon Alexa and Google Assistant in this 19-minute IEEE conference talk. Delve into two newly discovered attacks: voice squatting and voice masquerading, which exploit the way skills are invoked and users' misconceptions about VPA functionalities. Learn about the researchers' experiments on Amazon Echo and Google Home, including user studies and real-world deployments, that demonstrate the realistic threat these attacks pose. Discover the significance of these findings, acknowledged by Amazon and Google, and the development of a new squatting detector for identifying risky skills on Alexa and Google markets. Gain insights into an innovative technique for automatically capturing ongoing masquerading attacks and its proven effectiveness in enhancing VPA security.