Threat:
Using AI to Hack Intelligent Personal Assistant (Google Voice Assistant, S Voice, Cortana, Alexa and Siri). Intelligence Personal Assistant has become increasingly popular. They have access to system resources and private information. As a result, it has also become a target for attackers to hack into the smartphones.
Threat Origin:
Rise of Concerns About AI: Reflections and Directions
Exploit Example:
Using AI to Hack IA: A New Stealthy Spyware Against Voice Assistance Functions in Smart Phones 2
Monkey Says, Monkey Does: Security and Privacy on Voice Assistants 3
CVE Example:
CVE - CVE-2020-1809
CVE - CVE-2019-20599
Possible Countermeasures:
Mobile Device User:
Activate alerts to notify the user when the voice assistant is actively listening
Review the default settings, and delete old recordings
Create strong password for the app or online account that controls the voice assistant.
Know the other devices connected to the voice assistant and add PIN to control access to those devices.
Secure the router, the more secure the router is the more secure connected devices would be
Mobile App Developer
Add biometric system to authenticate the user before using the voice assistant.
References:
Thomas G. Dietterich and Eric J. Horvitz, "Rise of Concerns About AI: Reflections and Directions", article, Oct. 2015; https://dl.acm.org/doi/pdf/10.1145/2770869 [accessed 8/1/2022]
Ronjunchen Zhang, Xiao Chen, Sheng Wen, and Surya Nepal, "Using AI to Hack IA: A New Stealthy Spyware Against Voice Assistance Functions in Smart Phones ", article, 16 May 2018; https://arxiv.org/pdf/1805.06187.pdf [accessed 8/1/2022]
New Threat
Threat Category:
Threat: Using AI to Hack Intelligent Personal Assistant (Google Voice Assistant, S Voice, Cortana, Alexa and Siri). Intelligence Personal Assistant has become increasingly popular. They have access to system resources and private information. As a result, it has also become a target for attackers to hack into the smartphones.
Threat Origin: Rise of Concerns About AI: Reflections and Directions
Exploit Example: Using AI to Hack IA: A New Stealthy Spyware Against Voice Assistance Functions in Smart Phones 2 Monkey Says, Monkey Does: Security and Privacy on Voice Assistants 3
CVE Example:
Possible Countermeasures: Mobile Device User: Activate alerts to notify the user when the voice assistant is actively listening Review the default settings, and delete old recordings Create strong password for the app or online account that controls the voice assistant. Know the other devices connected to the voice assistant and add PIN to control access to those devices. Secure the router, the more secure the router is the more secure connected devices would be
Mobile App Developer Add biometric system to authenticate the user before using the voice assistant.
References: