SoylentNews is people
SoylentNews
The success of Internet of Things devices such as Amazon's Echo and Google Home have created an opportunity for developers to build voice-activated applications that connect ever deeper—into customers' homes and personal lives. And—according to research by a team from the University of Illinois at Urbana-Champaign (UIUC)—the potential to exploit some of the idiosyncrasies of voice-recognition machine-learning systems for malicious purposes has grown as well.
Called "skill squatting," the attack method (described in /ma paper presented at USENIX Security Symposium in Baltimore this month) is currently limited to the Amazon Alexa platform—but it reveals a weakness that other voice platforms will have to resolve as they widen support for third-party applications. Ars met with the UIUC team (which is comprised of Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Assistant Professor Adam Bates, and Professor Michael Bailey) at USENIX Security. We talked about their research and the potential for other threats posed by voice-based input to information systems.
[...] But skill-squatting attacks could pose a more immediate risk—it appears, the researchers found, that developers are already giving their applications names that are similar to those of popular applications. Some of these—such as "Fish Facts" (a skill that returns random facts about fish, the aquatic vertebrates) and "Phish Facts" (a skill that returns facts about the Vermont-based jam band)—are accidental, but others such as "Cat Fax" (which mimics "Cat Facts") are obviously intentional.
Thanks to the way Alexa handles requests for new "skills"—the cloud applications that register with Amazon—it's possible to create malicious skills that are named with homophones for existing legitimate applications. Amazon made all skills in its library available by voice command by default in 2017, and skills can be "installed" into a customer's library by voice. "Either way, there's a voice-only attack for people who are selectively registering skill names," said Bates, who leads UIUC's Secure and Transparent Systems Laboratory.
This sort of thing offers all kinds of potential for malicious developers. They could build skills that intercept requests for legitimate skills in order to drive user interactions that steal personal and financial information. These would essentially use Alexa to deliver phishing attacks (the criminal fraud kind, not the jam band kind). The UIUC researchers demonstrated (in a sandboxed environment) how a skill called "Am Express" could be used to hijack initial requests for American Express' Amex skill—and steal users' credentials.
(Score: 4, Interesting) by MostCynical on Wednesday September 05 2018, @10:19AM (2 children)
Oxford English Dictionary [oxforddictionaries.com]
Definition of skill - the ability to do something well; expertise.
Suspect that is not what Amazon mean..
So users put "skills" in their voice-thing's "library", and the skills were programmed by "someone".
Just like "apps" on tablets and phones, trust is taken, rather than earned, and users will get burned.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 4, Informative) by Anonymous Coward on Wednesday September 05 2018, @01:20PM (1 child)
I had trouble sleeping and skimmed the paper this morning. The attack is based on the still sorry state of speech recognition and the non-conversational nature of "conversations" with "AI" assistants.
At an abstract level, Alexa seems to be a rudimentary command interpreter with "skills" being roughly analogous to executables (scripts, stuff in general that goes in /bin;/usr/bin). I might type "lyft request --from $HOME --to $the_pub." Or I can say, "Alexa, ask Lyft for a ride from home to the pub." (What I skimmed wasn't clear on how one gives the parameters of the request [to and from locations] to the lyft command, but that may have been outside the scope of the paper.)
To continue the command line analogy, imagine if some joker had installed /usr/bin/lift right alongside the /usr/bin/lyft that you wanted to use. Maybe you typo "lift" instead of "lyft," but the "lift" executable could accept all the same syntax while doing something malicious with it. (And who hasn't--at least once--fat-fingered "sudo xyz," typed in their password, and only realized too late that something was subtly and horribly wrong with the command typed?)
Or I suppose even worse, imagine somebody dropped a /usr/bin/pseudo and we were for whatever brain damaged reason dictating (verbally) some administrative command we need to run with sudo. We think we say, "sudo make sammich." But Alexa, unbeknownst to us, runs this command instead: "pseudo make sammich." /usr/bin/pseudo also just happens to prompt for the user's password, which it then promptly ships off to bad guys somewhere while appearing to fail with some generic error.
The paper also makes an analogy to typosquatting in DNS.
If I could try to put a finger on the more fundamental problem, it seems that when I flub "sudo xyz" or type "lift request" instead of "lyft request" I at least get a chance to catch that flub before pressing enter. There appears to be no such equivalent that wouldn't quickly get irritating with a verbal command line. It comes down to the inability of the computer to anticipate its user's intentions and the inherent ambiguity of spoken language.
(Didn't we have an article a little while ago about how the brain is constantly reparsing sounds for speech in light of new sounds. That, of course, implies that the brain is anticipating that the spoken pharse will have meaning and attempting to fit an anticipated meaning to the sounds it receives. But then again who knows. Maybe once Amazon and Google have enough data on us to pull a Westworld and begin making replicant versions of ourselves, then it will be able to accurately anticipate our verbal commands!)
(Score: 0) by Anonymous Coward on Wednesday September 05 2018, @09:20PM
Since the "skills" have to be installed it should at least warn you when installing homophonic skills. At execution time it could also warn of being unsure what to do, "Do you mean lift with an 'i' or lyft with a 'y'?" - teach those users to heed your warning about installing homophonic skills at least.