In this chapter, we explore in depth the voice-command self-issue attack. We first introduce Alexa versus Alexa (AvA), an attack discovered in 2021 that leverages self-activation alongside two additional vulnerabilities we found on Amazon Echo Dot devices by applying the HAVOC Kill Chain. Then we compare AvA with other instances of the self-issue attack in Windows and Android systems, and with other similar work. Finally, we assess the current state of the attack (i.e. if nowadays the impact and the attack surface has changed from 2021) and discuss possible future risks stemming from AvA.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

The Alexa Versus Alexa Attack

  • Sergio Esposito,
  • Daniele Sgandurra,
  • Giampaolo Bella,
  • Daniel O’Keeffe

摘要

In this chapter, we explore in depth the voice-command self-issue attack. We first introduce Alexa versus Alexa (AvA), an attack discovered in 2021 that leverages self-activation alongside two additional vulnerabilities we found on Amazon Echo Dot devices by applying the HAVOC Kill Chain. Then we compare AvA with other instances of the self-issue attack in Windows and Android systems, and with other similar work. Finally, we assess the current state of the attack (i.e. if nowadays the impact and the attack surface has changed from 2021) and discuss possible future risks stemming from AvA.