DOI: 10.1007/978-3-031-54129-2_11
Article

The VOCODES Kill Chain for Voice Controllable Devices

Published: 25 September 2023

Abstract

In this paper, we introduce a formalisation of attacks on Voice Controllable Devices (VCDs), focusing specifically on attacks that leverage voice command self-issue. The presentation starts from the seminal Lockheed Martin kill chain, which is used to derive a tailored kill chain with the steps necessary to perform self-activation attacks. Our new kill chain, termed the VOice COntrollable DEvice Self-issue (VOCODES) kill chain, is relevant to assessing both ongoing and past attacks, enhancing the analysis activities of both ethical adversaries and defenders. To demonstrate VOCODES in practice, we use it to analyse a popular self-issue attack against Amazon Echo devices, that is, the AvA attack. We show that the VOCODES kill chain succeeds in fully describing the attack and all its nuances. Moreover, it is effective at quickly mapping the attacker’s malicious activities onto specific attack steps, thereby aiding their interpretation. Finally, we show that, even though VOCODES is derived from the Lockheed Martin kill chain, it addresses some of the drawbacks of the seminal kill chain that have been pointed out over the years.


Published In

Computer Security. ESORICS 2023 International Workshops: CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, The Hague, The Netherlands, September 25–29, 2023, Revised Selected Papers, Part II
Sep 2023
784 pages
ISBN:978-3-031-54128-5
DOI:10.1007/978-3-031-54129-2
  • Editors:
  • Sokratis Katsikas,
  • Habtamu Abie,
  • Silvio Ranise,
  • Luca Verderame,
  • Enrico Cambiaso,
  • Rita Ugarelli,
  • Isabel Praça,
  • Wenjuan Li,
  • Weizhi Meng,
  • Steven Furnell,
  • Basel Katt,
  • Sandeep Pirbhulal,
  • Ankur Shukla,
  • Michele Ianni,
  • Mila Dalla Preda,
  • Kim-Kwang Raymond Choo,
  • Miguel Pupo Correia,
  • Abhishta Abhishta,
  • Giovanni Sileno,
  • Mina Alishahi,
  • Harsha Kalutarage,
  • Naoto Yanai

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. Internet of Things
  2. Kill Chain
  3. Voice Personal Assistants

Qualifiers

  • Article
