
The VOCODES Kill Chain for Voice Controllable Devices

  • Conference paper
Computer Security. ESORICS 2023 International Workshops (ESORICS 2023)

Abstract

In this paper, we introduce a formalisation of attacks on Voice Controllable Devices (VCDs), focusing specifically on attacks that leverage the self-issue of voice commands, that is, a device being driven by commands played through its own speaker. The presentation starts from the seminal Lockheed Martin kill chain, from which we derive a tailored kill chain with the steps necessary to perform self-activation attacks. Our new kill chain, termed the VOice COntrollable DEvice Self-issue (VOCODES) kill chain, is suited to assessing both ongoing and past attacks, thereby supporting the analysis activities of ethical adversaries and defenders alike. To demonstrate VOCODES in practice, we use it to analyse a popular self-issue attack against Amazon Echo devices, the AvA attack. We show that the VOCODES kill chain fully describes the attack and all its nuances. Moreover, it quickly maps the attacker's malicious activities onto specific attack steps, which eases their interpretation. Finally, we show that, although VOCODES is derived from the Lockheed Martin kill chain, it addresses some of the drawbacks of that seminal kill chain which have been pointed out over the years.


Notes

  1. Cunningly, BMW IPA allows the user to choose a custom wake-word, so “Alexa” could potentially be a valid wake-word.

  2. https://nvd.nist.gov/vuln/detail/CVE-2022-25809.

  3. https://www.ava-attack.org/.

  4. The AvA paper reports that Echo reduces its playback volume upon hearing the wake-word. However, it also shows a bypass for this behaviour, which has not been fixed as of today.

References

  1. Adams, E.: Avoiding Wake-Word Self-Triggering (2018). https://patents.google.com/patent/US20190311719A1/en. Accessed 04 Dec 2020

  2. Alepis, E., Patsakis, C.: Monkey says, monkey does: security and privacy on voice assistants. IEEE Access 5, 17841–17851 (2017). https://doi.org/10.1109/ACCESS.2017.2747626


  3. Amazon.com Inc.: Amazon Echo & Alexa Devices (2022). https://www.amazon.com/smart-home-devices/b?node=9818047011. Accessed 11 Aug 2022

  4. Bella, G., Biondi, P., Bognanni, S., Esposito, S.: Petiot: penetration testing the internet of things. Internet of Things 22, 100707 (2023). https://doi.org/10.1016/j.iot.2023.100707, https://www.sciencedirect.com/science/article/pii/S2542660523000306

  5. BMW (UK) Limited: BMW Online Genius - What is Intelligent Personal Assistant? (2021). https://discover.bmw.co.uk/help/technology/what-is-ipa. Accessed 05 Dec 2022

  6. Chen, Y., et al.: Devil’s whisper: a general approach for physical adversarial attacks against commercial black-box speech recognition devices. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 2667–2684. USENIX Association (2020). https://www.usenix.org/conference/usenixsecurity20/presentation/chen-yuxuan

  7. Dasgupta, P.B.: Detection and analysis of human emotions through voice and speech pattern processing. arXiv preprint arXiv:1710.10198 (2017)

  8. Diao, W., Liu, X., Zhou, Z., Zhang, K.: Your voice assistant is mine: how to abuse speakers to steal information and control your phone. In: Wang, C., Huang, D., Singh, K., Liang, Z. (eds.) Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, SPSM@CCS 2014, Scottsdale, AZ, USA, November 03–07, 2014, pp. 63–74. ACM (2014). https://doi.org/10.1145/2666620.2666623

  9. Edu, J.S., Such, J.M., Suarez-Tangil, G.: Smart home personal assistants: a security and privacy review. ACM Comput. Surv. 53(6) (2020). https://doi.org/10.1145/3412383

  10. Esposito, S., Sgandurra, D., Bella, G.: Alexa versus Alexa: controlling smart speakers by self-issuing voice commands. In: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, pp. 1064–1078 (2022)


  11. Esposito, S., Sgandurra, D., Bella, G.: Protecting voice-controllable devices against self-issued voice commands. In: 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), pp. 160–174 (2023). https://doi.org/10.1109/EuroSP57164.2023.00019

  12. Google LLC: Compare the Google Nest family (2022). https://store.google.com/gb/magazine/compare_speakers. Accessed 11 Aug 2022

  13. Grenard, L.: Leon - Your Open-Source Personal Assistant (2019). https://getleon.ai/. Accessed 05 Dec 2022

  14. Hutchins, E.M., Cloppert, M.J., Amin, R.M., et al.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues Inf. Warfare Secur. Res. 1(1), 80 (2011)


  15. Jang, Y., Song, C., Chung, S.P., Wang, T., Lee, W.: A11y attacks: exploiting accessibility in operating systems. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. CCS 2014, New York, NY, USA, pp. 103–115. Association for Computing Machinery (2014). https://doi.org/10.1145/2660267.2660295

  16. Kim, H., Kwon, H., Kim, K.K.: Modified cyber kill chain model for multimedia service environments. Multimedia Tools Appl. 78(3), 3153–3170 (2019)


  17. Kumar, D., et al.: Skill squatting attacks on amazon Alexa. In: 27th USENIX Security Symposium (USENIX Security 2018), Baltimore, MD, pp. 33–47. USENIX Association (2018), https://www.usenix.org/conference/usenixsecurity18/presentation/kumar

  18. Lang, J.P.: Wake-Word Detection Suppression (2017). https://patents.google.com/patent/US10475449B2/en. Accessed 04 Dec 2020

  19. Li, J., Qu, S., Li, X., Szurley, J., Kolter, J.Z., Metze, F.: Adversarial music: real world audio adversary against wake-word detection system. In: Wallach, H.M., Larochelle, H., Beygelzimer, A., d’Alché-Buc, F., Fox, E.B., Garnett, R. (eds.) Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, NeurIPS 2019, December 8–14, 2019, Vancouver, BC, Canada, pp. 11908–11918 (2019). https://proceedings.neurips.cc/paper/2019/hash/ebbdfea212e3a756a1fded7b35578525-Abstract.html

  20. Malone, S.: The Expanded Cyber Kill Chain Model (2016). https://www.seantmalone.com/docs/us-16-Malone-Using-an-Expanded-Cyber-Kill-Chain-Model-to-Increase-Attack-Resiliency.pdf

  21. Microsoft Corporation: Text to Speech - Realistic AI Voice Generator | Microsoft Azure (2022). https://azure.microsoft.com/en-us/products/cognitive-services/text-to-speech/. Accessed 06 Dec 2022

  22. Mitev, R., Miettinen, M., Sadeghi, A.R.: Alexa lied to me: skill-based man-in-the-middle attacks on virtual assistants. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security. Asia CCS 2019, New York, NY, USA, pp. 465–478. Association for Computing Machinery (2019). https://doi.org/10.1145/3321705.3329842

  23. Mycroft AI Inc: Mark II - Mycroft (2021). https://mycroft.ai/product/mark-ii/. Accessed 05 Dec 2022

  24. Pogue, M.A., Hilmes, P.R.: Detecting Self-Generated Wake Expressions (2013). https://patents.google.com/patent/US9747899B2/en. Accessed 04 Dec 2020

  25. Pols, P., van den Berg, J.: The Unified Kill Chain. CSA Thesis, Hague, pp. 1–104 (2017)


  26. Ponticello, A.: Towards secure and usable authentication for voice-controlled smart home assistants. Ph.D. thesis, Wien (2020)


  27. Statista Inc.: Smart home - Statistics & Facts (2022). https://www.statista.com/topics/2430/smart-homes/. Accessed 11 Aug 2022

  28. Sugawara, T., Cyr, B., Rampazzi, S., Genkin, D., Fu, K.: Light commands: laser-based audio injection attacks on voice-controllable systems. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 2631–2648. USENIX Association (2020). https://www.usenix.org/conference/usenixsecurity20/presentation/sugawara

  29. The MITRE Corporation: MITRE ATT&CK (2013). https://attack.mitre.org/. Accessed 03 Jan 2023

  30. U.S. Army: A Military Guide to Terrorism in the Twenty-first Century. Cosimo reports, Cosimo, Incorporated (2010). https://books.google.it/books?id=vmUjcAAACAAJ

  31. Willison, R., Siponen, M.: Overcoming the insider: reducing employee computer crime through situational crime prevention. Commun. ACM 52(9), 133–137 (2009)


  32. Yan, Q., Liu, K., Zhou, Q., Guo, H., Zhang, N.: SurfingAttack: interactive hidden attack on voice assistants using ultrasonic guided waves. In: 27th Annual Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA, February 23–26, 2020. The Internet Society (2020). https://www.ndss-symposium.org/ndss-paper/surfingattack-interactive-hidden-attack-on-voice-assistants-using-ultrasonic-guided-waves/

  33. Zhang, G., Yan, C., Ji, X., Zhang, T., Zhang, T., Xu, W.: DolphinAttack: inaudible voice commands. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. CCS 2017, pp. 103–117, New York, NY, USA. Association for Computing Machinery (2017). https://doi.org/10.1145/3133956.3134052

  34. Zhang, N., Mi, X., Feng, X., Wang, X., Tian, Y., Qian, F.: Dangerous skills: understanding and mitigating security risks of voice-controlled third-party functions on virtual personal assistant systems. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1381–1396 (2019)



Acknowledgements

Sergio Esposito’s research was supported by a PhD studentship from Royal Holloway, University of London. Giampaolo Bella acknowledges financial support from: PNRR MUR project PE0000013-FAIR.

Author information

Corresponding author: Sergio Esposito.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Esposito, S., Sgandurra, D., Bella, G. (2024). The VOCODES Kill Chain for Voice Controllable Devices. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14399. Springer, Cham. https://doi.org/10.1007/978-3-031-54129-2_11

  • DOI: https://doi.org/10.1007/978-3-031-54129-2_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54128-5

  • Online ISBN: 978-3-031-54129-2

  • eBook Packages: Computer Science (R0)