Understanding and Mitigating Privacy Leaks from Third-Party Smart Speaker Apps

Abrar S. Alrumayh, Sarah M. Lehman, Chiu C. Tan

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations

Abstract

Smart speaker systems provide a platform for third-party developers to develop their own apps. This paper looks at ways a malicious third-party developer can create a valid smart speaker app to eavesdrop on users. We find that using the provided APIs together with machine learning techniques, we are able to overhear 50% of what the user says, capture at most 70% of triggered words from advertisements, and determine the advertisement category with overall accuracy up to 81.5%. To mitigate this threat, we propose a strategy for users to limit the success of this adversary. We run a series of experiments to look at the impact of a number of factors at the home on what the 3rd party app can hear. We find that word capture appears to peak when the speaker is placed 3m or less from the audio source, and audio is playing at an approximate volume of 70dB or more. The inclusion of background noise actually improves data collection performance by helping to keep the session alive longer, especially when the user is pausing or not speaking.

Original languageEnglish
Title of host publication2021 IEEE Conference on Communications and Network Security, CNS 2021
Pages263-271
Number of pages9
ISBN (Electronic)9781665444965
DOIs
StatePublished - 2021
Event2021 IEEE Conference on Communications and Network Security, CNS 2021 - Tempe, United States
Duration: 4 Oct 20216 Oct 2021

Publication series

Name2021 IEEE Conference on Communications and Network Security, CNS 2021

Conference

Conference2021 IEEE Conference on Communications and Network Security, CNS 2021
Country/TerritoryUnited States
CityTempe
Period4/10/216/10/21

Keywords

  • Audio-based Apps
  • Privacy
  • Smart speaker

Fingerprint

Dive into the research topics of 'Understanding and Mitigating Privacy Leaks from Third-Party Smart Speaker Apps'. Together they form a unique fingerprint.

Cite this