Fine-hearing Google Home:

why silence will not protect your privacy

Davide Caputo1+, Luca Verderame1, Andrea Ranieri2, Alessio Merlo1, and Luca Caviglione2
 

1Computer Security Lab, Department of Informatics, Bioengineering, Robotics and Systems Engineering

University of Genova, Genova, Italy

{davide.caputo, luca.verderame, alessio}@dibris.unige.it

 

2Institute for Applied Mathematics and Information Technologies

National Research Council of Italy, Rome, Italy

{andrea.ranieri, luca.caviglione}@ge.imati.cnr.it

 

Abstract

Smart speakers and voice-based virtual assistants are used to retrieve information, interact with other devices, and command a variety of Internet of Things (IoT) nodes. To this aim, smart speakers and voice-based assistants typically take advantage of cloud architectures: vocal commands of the user are sampled, sent through the Internet to be processed and transmitted back for local execution, e.g., to activate an IoT device. Unfortunately, even if privacy and security are enforced through state-of-the-art encryption mechanisms, the features of the encrypted traffic, such as the throughput, the size of protocol data units or the IP addresses can leak critical information about the habits of the users. In this perspective, in this paper we showcase this kind of risks by exploiting machine learning techniques to develop black-box models to classify traffic and implement privacy leaking attacks automatically. We prove that such traffic analysis allows to detect the presence of a person in a house equipped with a Google Home device, even if the same person does not interact with the smart device. We also present a set of experimental results collected in a realistic scenario, and propose possible countermeasures.

Keywords: smart Speakers, IoT security, machine learning and traffic analysis.

+: Corresponding author: Davide Caputo

Computer Security Lab, Department of Informatics, Bioengineering, Robotics and Systems Engineering,

University of Genova, Via Dodecaneso 35, Genova, Genova, 16146, Italy, Tel: +39-010-353-2344

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)

Vol. 11, No. 1, pp. 35-53, March 2020 [pdf]

 

Received: January 17, 2020; Accepted: March 6, 2020; Published: March 31, 2020

DOI: 10.22667/JOWUA.2020.03.31.035