TY - GEN
T1 - Understanding and Mitigating Privacy Leaks from Third-Party Smart Speaker Apps
AU - Alrumayh, Abrar S.
AU - Lehman, Sarah M.
AU - Tan, Chiu C.
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Smart speaker systems provide a platform for third-party developers to develop their own apps. This paper looks at ways a malicious third-party developer can create a valid smart speaker app to eavesdrop on users. We find that using the provided APIs together with machine learning techniques, we are able to overhear 50% of what the user says, capture at most 70% of triggered words from advertisements, and determine the advertisement category with overall accuracy up to 81.5%. To mitigate this threat, we propose a strategy for users to limit the success of this adversary. We run a series of experiments to look at the impact of a number of factors at the home on what the 3rd party app can hear. We find that word capture appears to peak when the speaker is placed 3m or less from the audio source, and audio is playing at an approximate volume of 70dB or more. The inclusion of background noise actually improves data collection performance by helping to keep the session alive longer, especially when the user is pausing or not speaking.
AB - Smart speaker systems provide a platform for third-party developers to develop their own apps. This paper looks at ways a malicious third-party developer can create a valid smart speaker app to eavesdrop on users. We find that using the provided APIs together with machine learning techniques, we are able to overhear 50% of what the user says, capture at most 70% of triggered words from advertisements, and determine the advertisement category with overall accuracy up to 81.5%. To mitigate this threat, we propose a strategy for users to limit the success of this adversary. We run a series of experiments to look at the impact of a number of factors at the home on what the 3rd party app can hear. We find that word capture appears to peak when the speaker is placed 3m or less from the audio source, and audio is playing at an approximate volume of 70dB or more. The inclusion of background noise actually improves data collection performance by helping to keep the session alive longer, especially when the user is pausing or not speaking.
KW - Audio-based Apps
KW - Privacy
KW - Smart speaker
UR - http://www.scopus.com/inward/record.url?scp=85125638151&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85125638151&partnerID=8YFLogxK
U2 - 10.1109/CNS53000.2021.9705042
DO - 10.1109/CNS53000.2021.9705042
M3 - Conference contribution
AN - SCOPUS:85125638151
T3 - 2021 IEEE Conference on Communications and Network Security, CNS 2021
SP - 263
EP - 271
BT - 2021 IEEE Conference on Communications and Network Security, CNS 2021
T2 - 2021 IEEE Conference on Communications and Network Security, CNS 2021
Y2 - 4 October 2021 through 6 October 2021
ER -