LeakyPick monitors a network to which an Amazon Echo is connected.
Mitev et al.
As Amazon Alexa and other voice assistants become more popular, the number of ways these assistants affect users' privacy also increases. Examples include hacks that use lasers to secretly unlock connected doors and start cars, malicious assistant apps that eavesdrop and phish passwords, and conversations that are secretly and routinely monitored by the provider's employees or subpoenaed for use in criminal proceedings. Now researchers have developed a device that may one day allow users to regain their privacy by warning them when these devices accidentally or deliberately snoop on people nearby.
LeakyPick is placed in different rooms of a house or office to detect the presence of devices that stream nearby audio to the Internet. By periodically emitting sounds and monitoring subsequent network traffic (it can be configured to emit the sounds when users are away), the $40 prototype detects audio transmission with 94 percent accuracy. The device monitors network traffic and issues a warning if the identified devices are streaming ambient sound.
LeakyPick also tests devices for false-positive wake words, i.e., words that incorrectly activate the assistants. So far, the researchers' device has found 89 words that unexpectedly caused Alexa to stream audio to Amazon. Two weeks ago, another team of researchers published more than 1,000 words or phrases that create false triggers that cause the devices to send audio to the cloud.
"For many privacy-conscious consumers, it is a worrying prospect to have voice assistants with Internet-connected microphones in their homes, even though smart devices are promising technologies to improve home automation and physical security," Ahmad-Reza Sadeghi, one of the researchers who designed the device, said in an email. "The LeakyPick device identifies smart home devices that unexpectedly record audio and send it to the Internet, and warns the user."
Regaining user privacy
Voice-controlled devices typically use local speech recognition to detect wake words, and for convenience, the devices are often programmed to accept words that sound similar. If a nearby utterance resembles a wake word, the assistants send audio to a server with more extensive speech recognition. Assistants are not only susceptible to these accidental transmissions; they are also vulnerable to hacks that intentionally trigger wake words, send audio to attackers, or perform other security-related tasks.
In an article published earlier this month, Sadeghi and other researchers – from Darmstadt University, Paris Saclay University, and North Carolina State University – wrote:
The aim of this document is to develop a method for regular users that can reliably identify IoT devices that 1) are equipped with a microphone and 2) send recorded audio from the user's home to external services without the user noticing. If LeakyPick can detect which network packets contain audio recordings, it can inform the user which devices send audio to the cloud, since the source of the network packets can be identified by the hardware network addresses. In this way, both unintentional audio transmissions to the cloud and the attacks mentioned above, in which opponents attempt to initiate certain actions by feeding audio into the device environment, can be identified.
To achieve all of this, the researchers had to overcome two challenges. The first is that most of the assistants' traffic is encrypted. This prevents LeakyPick from inspecting packet payloads to detect audio codecs or other signs of audio data. Second, as new, previously unseen voice assistants are constantly emerging, LeakyPick needs to recognize audio streams from devices without having to be trained for each device. Previous approaches, including one called HomeSnitch, required training for each device model.
To overcome the hurdles, LeakyPick periodically emits audio into a room and monitors the resulting network traffic from connected devices. By temporally correlating the audio probes with the observed characteristics of the network traffic that follows, LeakyPick lists connected devices that are likely to transmit audio. One way the device can identify likely audio transmissions is to look for sudden bursts of outbound traffic. Voice-activated devices typically send limited amounts of data when they are inactive. A sudden surge usually indicates that a device has been activated and is sending audio over the Internet.
Using bursts alone can lead to false alarms. To sort them out, LeakyPick uses a statistical approach based on an independent two-sample t-test to compare the features of a device's network traffic when idle and when responding to audio probes. This method has the additional advantage of working on devices that the researchers have never analyzed. With this method, LeakyPick can be used not only for voice assistants that use wake words, but also for surveillance cameras and other Internet-of-Things devices that transmit audio without wake words.
The researchers summarized their work as follows:
At a high level, LeakyPick overcomes research challenges by regularly broadcasting audio into a room and monitoring subsequent network traffic from devices. As shown in Figure 2, the main component of LeakyPick is a tester that sends audio probes nearby. By correlating these audio probes in time with observed characteristics of subsequent network traffic, LeakyPick identifies devices that may have responded to the audio probes by sending audio recordings.
LeakyPick identifies network flows that contain audio recordings based on two key ideas. First, it looks for traffic bursts following an audio probe. Our observation is that voice-activated devices do not normally send a lot of data unless they are active. For example, our analysis shows that Alexa-enabled devices regularly send small data bursts every 20 seconds, medium bursts every 300 seconds, and large bursts every 10 hours. We also found that the resulting audio transmission burst has different properties when activated by an audio stimulus. However, using traffic bursts alone leads to high false-positive rates.
Second, LeakyPick uses statistical tests. Conceptually, a basic measurement of the idle traffic is recorded for each monitored device. An independent two-sample t-test is then used to compare the features of the device's idle network traffic and data traffic when the device communicates after the audio probe. This statistical approach has the advantage that it is inherently device-independent. As we show in Section 5, this statistical approach works as well as machine learning, but is not limited by a priori knowledge of the device. It therefore surpasses machine learning approaches in cases where no pre-trained model is available for the specific device type.
Finally, LeakyPick works for both devices that use a wake-up word and devices that don't. For devices such as surveillance cameras that do not use a wake-up word, LeakyPick does not have to perform any special operations. Sending audio triggers the audio transmission. For devices that use a wake-up word or sound, e.g., voice assistants and security systems that react to broken glass or dog barking, LeakyPick is configured so that the probes are preceded by known wake-up words and noises (e.g., "Alexa", "Hey Google"). It can also be used to fuzz wake words to identify words that inadvertently trigger the transmission of audio recordings.
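The idle-versus-probe comparison described above (bursts alone versus the independent two-sample t-test), as an added example that is not LeakyPick's own code. The traffic samples, MAC addresses, the bytes-per-second feature, the burst factor and the 0.05 significance level are all assumptions made for illustration.

```python
import math
from statistics import mean, median, variance

# Constructed sample: outbound bytes per 1-second window, keyed by device MAC.
# First list = idle baseline windows, second = windows right after audio probes.
TRAFFIC = {
    "02:00:00:00:00:01": ([120, 90, 110, 100, 640, 95, 105, 115, 98, 102],
                          [4100, 3900, 4300, 3800, 4200, 4000]),  # streams after probes
    "02:00:00:00:00:02": ([60, 55, 65, 58, 900, 62, 57, 61, 59, 63],
                          [61, 58, 880, 60, 64, 57]),  # periodic heartbeat only
}

def t_pvalue(t, df, steps=2000):
    """Two-sided p-value for Student's t, by Simpson integration of the pdf."""
    c = math.exp(math.lgamma((df + 1) / 2) - math.lgamma(df / 2)) / math.sqrt(df * math.pi)
    pdf = lambda x: c * (1 + x * x / df) ** (-(df + 1) / 2)
    a = abs(t)
    h = a / steps
    s = pdf(0) + pdf(a) + sum((4 if i % 2 else 2) * pdf(i * h) for i in range(1, steps))
    return max(0.0, 1 - 2 * s * h / 3)

def two_sample_t(idle, probe):
    """Independent two-sample t-test with pooled variance; returns (t, p)."""
    n1, n2 = len(idle), len(probe)
    sp2 = ((n1 - 1) * variance(idle) + (n2 - 1) * variance(probe)) / (n1 + n2 - 2)
    if sp2 == 0:  # both samples constant: identical means or a trivially clear shift
        return (0.0, 1.0) if mean(idle) == mean(probe) else (math.inf, 0.0)
    t = (mean(probe) - mean(idle)) / math.sqrt(sp2 * (1 / n1 + 1 / n2))
    return t, t_pvalue(t, n1 + n2 - 2)

def burst_only(idle, probe, factor=5):
    """Naive check (assumed heuristic): any post-probe window far above idle median."""
    return max(probe) > factor * median(idle)

def audio_suspects(traffic, alpha=0.05):
    """MACs whose post-probe traffic is significantly higher than their idle traffic."""
    suspects = []
    for mac, (idle, probe) in traffic.items():
        t, p = two_sample_t(idle, probe)
        if t > 0 and p < alpha:
            suspects.append(mac)
    return suspects

if __name__ == "__main__":
    print("burst only:", [m for m, (i, p) in TRAFFIC.items() if burst_only(i, p)])
    print("t-test    :", audio_suspects(TRAFFIC))
```

The second device's periodic heartbeat happens to land in a post-probe window, so the burst check flags it while the t-test does not.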
Protection against accidental and malicious leaks
So far, LeakyPick – which takes its name from its mission to detect audio leaks from network-connected devices – has discovered 89 non-wake words that can cause Alexa to send audio to Amazon. As usage increases, LeakyPick will likely find additional words in Alexa and other voice assistants. The researchers have already found several false alarms in Google Home. The 89 words can be found on page 13 of the document linked above.
In addition to detecting accidental audio transmissions, the device detects virtually every activation of a voice assistant, including malicious ones. An attack demonstrated last year caused devices connected to a smart home to unlock doors and start cars by pointing lasers at Alexa, Google Home, and Apple Siri devices. Sadeghi said LeakyPick would easily recognize such a hack.
The hardware prototype consists of a Raspberry Pi 3B that is connected to the local network via Ethernet. It is also connected via a headphone jack to a PAM8403 amplifier board, which in turn is connected to a single generic 3W speaker. The device captures network traffic using a TP-LINK TL-WN722N USB WiFi dongle that creates a wireless access point using hostapd and dnsmasq as a DHCP server. All nearby wireless IoT devices will then connect to this access point.
To enable LeakyPick to access the Internet, the researchers activated packet forwarding between the Ethernet (connected to the network gateway) and the wireless network interfaces. The researchers wrote LeakyPick in Python. They use tcpdump to record packets and Google's text-to-speech engine to generate the audio played by the tester.
Given the increasing use of nearby audio streaming devices and the growing number of ways they can fail or be hacked, it's good to see research that suggests a simple and inexpensive way to prevent leaks. Until devices like LeakyPick become available – and after that – people should carefully consider whether the benefits of voice assistants are worth the risks. If assistants are present, users should leave them turned off or unplugged unless they are actively being used.