Evaluating the Security and Privacy Risk Postures of Virtual Assistants

Borna Kalhor; Sanchari Das

doi:10.5220/0012389500003648

Evaluating the Security and Privacy Risk Postures of Virtual Assistants

Borna Kalhor, Sanchari Das

2024

Abstract

Virtual assistants (VAs) have seen increased use in recent years due to their ease of use for daily tasks. Despite their growing prevalence, their security and privacy implications are still not well understood. To address this gap, we conducted a study to evaluate the security and privacy postures of eight widely used voice assistants: Alexa, Braina, Cortana, Google Assistant, Kalliope, Mycroft, Hound, and Extreme. We used three vulnerability testing tools—AndroBugs, RiskInDroid, and MobSF—to assess the security and privacy of these VAs. Our analysis focused on five areas: code, access control, tracking, binary analysis, and sensitive data confidentiality. The results revealed that these VAs are vulnerable to a range of security threats, including not validating SSL certificates, executing raw SQL queries, and using a weak mode of the AES algorithm. These vulnerabilities could allow malicious actors to gain unauthorized access to users’ personal information. This study is a first step toward understanding the risks associated with these technologies and provides a foundation for future research to develop more secure and privacy-respecting VAs.

Download

Paper Citation

in Harvard Style

Kalhor B. and Das S. (2024). Evaluating the Security and Privacy Risk Postures of Virtual Assistants. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 154-161. DOI: 10.5220/0012389500003648

in Bibtex Style

@conference{icissp24,
author={Borna Kalhor and Sanchari Das},
title={Evaluating the Security and Privacy Risk Postures of Virtual Assistants},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={154-161},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012389500003648},
isbn={978-989-758-683-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Evaluating the Security and Privacy Risk Postures of Virtual Assistants
SN - 978-989-758-683-5
AU - Kalhor B.
AU - Das S.
PY - 2024
SP - 154
EP - 161
DO - 10.5220/0012389500003648
PB - SciTePress