Read between the Lines: An Empirical Measurement of Sensitive Applications of Voice Personal Assistant Systems

Faysal Hossain Shezan, Hang Hu, Jiamin Wang, Gang Wang, Yuan Tian

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Voice Personal Assistant (VPA) systems such as Amazon Alexa and Google Home have been used by tens of millions of households. Recent work demonstrated proof-of-concept attacks against their voice interface to invoke unintended applications or operations. However, there is still a lack of empirical understanding of what types of third-party applications VPA systems support, and what consequences these attacks may cause. In this paper, we perform an empirical analysis of the third-party applications of Amazon Alexa and Google Home to systematically assess the attack surfaces. A key methodology is to characterize a given application by classifying the sensitive voice commands it accepts. We develop a natural language processing tool that classifies a given voice command from two dimensions: (1) whether the voice command is designed to insert action or retrieve information; (2) whether the command is sensitive or nonsensitive. The tool combines a deep neural network and a keyword-based model, and uses Active Learning to reduce the manual labeling effort. The sensitivity classification is based on a user study (N=404) where we measure the perceived sensitivity of voice commands. A ground-truth evaluation shows that our tool achieves over 95% accuracy for both types of classifications. We apply this tool to analyze 77,957 Amazon Alexa applications and 4,813 Google Home applications (198,199 voice commands from Amazon Alexa, 13,644 voice commands from Google Home) over two years (2018-2019). In total, we identify 19,263 sensitive "action injection" commands and 5,352 sensitive "information retrieval" commands. These commands are from 4,596 applications (5.55% out of all applications), most of which belong to the "smart home" category. While the percentage of sensitive applications is small, we show the percentage is increasing over time from 2018 to 2019.

Original language: English (US)
Title of host publication: The Web Conference 2020 - Proceedings of the World Wide Web Conference, WWW 2020
Publisher: Association for Computing Machinery, Inc
Pages: 1006-1017
Number of pages: 12
ISBN (Electronic): 9781450370233
State: Published - Apr 20 2020
Event: 29th International World Wide Web Conference, WWW 2020 - Taipei, Taiwan, Province of China
Duration: Apr 20 2020 - Apr 24 2020

Publication series

Name: The Web Conference 2020 - Proceedings of the World Wide Web Conference, WWW 2020

Conference

Conference: 29th International World Wide Web Conference, WWW 2020
Country: Taiwan, Province of China
City: Taipei
Period: 4/20/20 - 4/24/20

Keywords

  • Active-learning
  • Alexa
  • Google-Home
  • Malicious-command
  • Sensitive-commands
  • Sensitive-keyword
  • Skill
  • Voice-applications

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
