Fine-hearing Google Home: why silence will not protect your
privacy 1Computer
Security Lab, Department of
Informatics, Bioengineering, Robotics and Systems Engineering University of Genova, Genova, Italy {davide.caputo, luca.verderame, alessio}@dibris.unige.it 2Institute
for Applied Mathematics and Information Technologies National Research Council of Italy, Rome, Italy {andrea.ranieri, luca.caviglione}@ge.imati.cnr.it Abstract Smart speakers and voice-based virtual assistants
are used to retrieve information, interact with other devices, and command a
variety of Internet of Things (IoT) nodes. To this
aim, smart speakers and voice-based assistants typically take advantage of
cloud architectures: vocal commands of the user are sampled, sent through the
Internet to be processed and transmitted back for local execution, e.g., to
activate an IoT device. Unfortunately, even if
privacy and security are enforced through state-of-the-art encryption
mechanisms, the features of the encrypted traffic, such as the throughput,
the size of protocol data units or the IP addresses can leak critical
information about the habits of the users. In this perspective, in this paper
we showcase this kind of risks by exploiting machine learning techniques to
develop black-box models to classify traffic and implement privacy leaking
attacks automatically. We prove that such traffic analysis allows to detect
the presence of a person in a house equipped with a Google Home device, even
if the same person does not interact with the smart device. We also present a
set of experimental results collected in a realistic scenario, and propose
possible countermeasures. Keywords: smart Speakers, IoT security, machine learning and traffic analysis. +: Corresponding author: Davide
Caputo Computer
Security Lab, Department of Informatics, Bioengineering, Robotics and Systems
Engineering, University
of Genova, Via Dodecaneso 35, Genova, Genova, 16146,
Italy, Tel: +39-010-353-2344 Journal of Wireless
Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) Vol. 11, No. 1, pp. 35-53, March 2020 [pdf] Received:
January 17, 2020; Accepted: March 6, 2020; Published: March 31, 2020 DOI: 10.22667/JOWUA.2020.03.31.035 |