Amazon's Alexa reports 'Alexa versus Alexa', an attack method that hacks itself with voice commands
Alexa, a voice assistant installed in the smart speaker Amazon Echo, can recognize voice and perform various actions. At the same time, it can be said that even a malicious attack command may be executed if there is voice input, but this time, Amazon Echo itself issues even if there is no voice from another terminal or attacker. It was reported that there was an attack called 'Alexa versus Alexa (AVA)' that could hack itself with a voice command.
[2202.08619] Alexa versus Alexa: Controlling Smart Speakers by Self-Issuing Voice Commands
Attackers can force Amazon Echos to hack themselves with self-issued commands | Ars Technica
This paper was written by Sergio Esposito and Daniele Sgandurra of the Royal Holloway University of London, and Giampaolo Bella of the University of Catania, Italy.
'AVA' reported by Esposito et al. Is an attack that utilizes the vulnerability of 'self-issued commands' that Amazon Echo correctly interprets voice commands sent from voice files even if the terminal itself plays them.
AVA allows an attacker to control the Echo by issuing commands that the Echo can execute on behalf of the user. For example, you will be able to control other smart appliances, purchase goods, modify linked calendar information, and eavesdrop on users.
In addition, it is said that two additional vulnerabilities of Amazon Echo, 'Full Volume' and 'Break Tag Chain', were discovered.
'Full Volume' doubles the recognition rate of self-issued commands on average, allowing attackers to execute self-issued commands even more efficiently.
The Break Tag Chain extends the time a skill can be performed without user intervention from 8 seconds to over an hour, allowing attackers to set realistic social engineering scenarios.
By exploiting these vulnerabilities, an attacker can issue commands correctly with an extremely high probability and control Amazon Echo for a long time.
This vulnerability has been reported via Amazon's vulnerability investigation program and has been rated as 'Medium' in severity score. The reason is that in order to make Amazon Echo issue commands, it is necessary for the attacker's terminal to be close even for a short time due to Bluetooth pairing with Echo, and the attacking terminal will use Bluetooth even after pairing. This is because it must be within the possible range and cannot be used for indiscriminate attacks from the Internet.
Amazon has already addressed some vulnerabilities, but there are still possible attacks, and Esposito et al. As a countermeasure, mute the microphone except when actively using Amazon Echo. It is recommended to keep it.
Related Posts: