Privacy and Security Evaluation of Amazon Echo Voice Assistant

Abstract

The number of devices connected to the Internet across the world is above eight billion according to IoT Analytics statistics. There has been a 56% increase after 2016 and is estimated to keep increasing in the subsequent years. Considering the expansive reach of the Internet of Things (IoT) and smart homes, it has transformed how people interact with technology and has generated a debate on subjects such as integrity and privacy. Even though there are many reports reviewing the Amazon Echo dot (which is a device used to control smart home via verbal commands), a few of which have literature review supporting. This study aims to examine Echo Dot (second generation), one of Amazon's most popular IoT devices, by conducting a behavioural evaluation as well as a security and privacy analysis. Moreover, certain relevant security and privacy threats will be examined. Echo Dot's behaviour was analysed to ensure an effective analysis as per the network traffic rate (bandwidth), while its consumption of power was monitored over three days in various circumstances such as normal, silent, and noisy days. These behaviours were then compared to determine any abnormal behaviour. The study also subjected the device to two types of attacks which are sound-based attack and network-based attack. It was observed that the behaviour of the device in silent and normal modes was as per the expectations, whereas in a noisy environment, it consumed more power and had a higher number of transmitted packets compared to the average ideal mode. It should be noted that a major advantage of the Echo Dot is that the majority of the logic takes place on the Amazon cloud servers behind the scenes. The study's analysis showed that the device offers less satisfactory security and privacy. It is estimated that though sound-based attacks have potential, further understanding regarding the system's inner workings is necessary. It was found that the device persevered against the network-based attack and encrypted all packets, and thus, it was not easy to obtain information from them. Moreover, it was ensured that this study was scalable and could be implemented for other smart home or VAs IoT devices for identifying security or privacy issues.