|M.Sc Student||Ron Yuval|
|Subject||On The Security of Voice Assistants on Lock Screens|
|Department||Department of Computer Science||Supervisor||PROF. Eli Biham|
|Full Thesis text|
Voice assistants that respond to spoken commands can be found in almost every aspect of our lives. They are deployed on our personal computers and smartphones, as well as on dedicated smart home devices. By providing a natural and intuitive voice interface, these programs make our lives more convenient and entertaining. Consequently, many studies expect a significant rise in the number of users.
The difficulty arises when voice assistants (VAs) can be activated by default even when the device is locked. While this feature is intended to improve the functionality of the device, it also requires vendors to balance between usability and security. The VA must not allow any sensitive functionality that might be exploited by attackers with physical access to the locked device, nor can it disclose sensitive user data. Despite the simplicity of the problem's specification, many vendors fail to design and implement a secure enough solution.
This research presents a new penetration testing methodology for VAs over locked devices. It provides guidelines for a thorough assessment of the security of these VAs and the identification of new security weaknesses. By applying this methodology on several popular VAs, we uncovered 21 new security vulnerabilities. Exploiting these vulnerabilities allows attackers to run arbitrary executables, navigate to arbitrary sites, access sensitive data, and even steal the victim's money. The VAs we tested were Microsoft's Cortana, Apple's Siri, Amazon's Alexa, and Samsung's Bixby, all of which were found vulnerable.
Our results demonstrate the difficulty in tying together new interfaces with old security assumptions and the risks of breaking these assumptions. We therefore present a robust layered defense mechanism for VAs. The mechanism comprises several new defensive components that integrate into the existing architecture of VAs. These components remedy the design failures that led to the vulnerabilities we found, detect them in different stages of the VA’s execution, and prevent their exploitation.
Alongside manual testing, this work also describes how to automatically discover new vulnerabilities in applications over lock screens using techniques from the research field of automated GUI testing. The basic idea is to model the UI of the tested application as a graph of events, such as button clicks and voice commands. By identifying sensitive events and paths that lead to these events, testers can automatically generate test cases to be replayed in locked mode. A sensitive path shown to be permitted is classified as a vulnerability. We describe how to build this graph using different methods. One of them is based on crowdsourcing.
The thesis ends with a discussion about the evolution of the lock screen interface and the evolving definition of sensitive user data. We outline a futuristic vision, in which a secure architecture design allows lock screens to show more non-sensitive data and support more non-sensitive actions. Establishing an infrastructure for classifying sensitive data using machine learning will create a new generation of lock screens that provide the user with a more personalized and secure experience.