Security Analysis of Smart Speaker

Speech recognition technology has become increasingly common in our lives. A number of smart speakers containing a personal assistant system that uses speech recognition have recently become commercially available. While intelligence and convenience of smart assistants have been the major concern for manufacturers, the security aspect has had little attention. As the smart speaker turns into a hub for home automation, which connects and controls other smart devices, the problems caused by security vulnerabilities become critical. We performed security analysis against five commercial smart speakers. The vulnerabilities we found through this analysis include an opportunity for the attacker to intercept the victim’s voice commands and responses from servers that contain personal information, such as a personal schedule. Another vulnerability allowed the attacker to send arbitrary commands to the smart speaker, which can be a crucial problem if the speaker is capable of controlling safety-related systems, such as a door lock. In this talk, we will present several vulnerabilities of commercial smart speakers and offer guidelines to mitigate these vulnerabilities.