September 24, 2018
Hot Topics:

Researchers Demonstrate Method for Hacking Voice Interfaces

  • August 31, 2018
  • By Developer.com Staff

At the USENIX Security Symposium, a team from University of Illinois at Urbana-Champaign (UIUC) demonstrated "skill squatting," a new method for hacking Amazon Alexa devices. Simply by giving their skills names that are similar to legitimate skills, hackers can trick Amazon devices into serving malicious content. For example, if "Cat Facts" is a legitimate app that provides information about cats, "Cat Fax" could be malware. Because the voice assistant can't tell the difference between the homophones, it could serve malware.

The researchers demonstrated a far more insidious attack that used a skill called "Am Express" to steal user credentials for their American Express cards.

In response to the paper, Amazon released a statement, which said, "Customer trust is important to us, and we conduct security reviews as part of the skill certification process. We have mitigations in place to detect this type of skill behavior and reject or remove them when identified."

View article

Comment and Contribute


(Maximum characters: 1200). You have characters left.



Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that developer.com may send you developer offers via email, phone and text message, as well as email offers about other products and services that developer believes may be of interest to you. developer will process your information in accordance with the Quinstreet Privacy Policy.


Thanks for your registration, follow us on our social networks to keep up-to-date