Study on the Smart Speaker Security Evaluations and Countermeasures

Jiseop Lee; Sooyoung Kang; Seung-Joo Kim

doi:10.1007/978-981-32-9244-4_7

Study on the Smart Speaker Security Evaluations and Countermeasures

Jiseop Lee, Sooyoung Kang, Seung-Joo Kim

Graduate School of Information Study

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The smart speaker provides users with useful functions such as music playback and online search with simple operation. However, since smart speakers always wait for the user’s voice, if they are exposed to security threats, serious problems can occur such as eavesdropping and privacy disclosure. Therefore, in order to provide improved security for of all smart speakers, it is necessary to identify potential security threats and systematically investigate vulnerabilities. In this paper, we perform security threat modeling for four products with high market share. STRIDE threat modeling was used to make a checklist for systematic vulnerability checks and the checklist was used to check vulnerabilities of commercial devices. Here, we propose a new method to improve the security of smart speaker through the analysis of the vulnerability check result and the vulnerability of each product.

Original language	English
Title of host publication	Advanced Multimedia and Ubiquitous Engineering - MUE/FutureTech 2019
Editors	Laurence T. Yang, Fei Hao, Young-Sik Jeong, James J. Park
Publisher	Springer Verlag
Pages	50-70
Number of pages	21
ISBN (Print)	9789813292437
DOIs	https://doi.org/10.1007/978-981-32-9244-4_7
Publication status	Published - 2020 Jan 1
Event	13th International Conference on Multimedia and Ubiquitous Engineering, MUE 2019 and 14th International Conference on Future Information Technology, Future Tech 2019 - Xian, China Duration: 2019 Apr 24 → 2019 Apr 26

Publication series

Name	Lecture Notes in Electrical Engineering
Volume	590
ISSN (Print)	1876-1100
ISSN (Electronic)	1876-1119

Conference

Conference	13th International Conference on Multimedia and Ubiquitous Engineering, MUE 2019 and 14th International Conference on Future Information Technology, Future Tech 2019
Country	China
City	Xian
Period	19/4/24 → 19/4/26

Keywords

Smart speaker
STRIDE
Threat modeling

ASJC Scopus subject areas

Industrial and Manufacturing Engineering

Cite this

Lee, J., Kang, S., & Kim, S-J. (2020). Study on the Smart Speaker Security Evaluations and Countermeasures. In L. T. Yang, F. Hao, Y-S. Jeong, & J. J. Park (Eds.), Advanced Multimedia and Ubiquitous Engineering - MUE/FutureTech 2019 (pp. 50-70). (Lecture Notes in Electrical Engineering; Vol. 590). Springer Verlag. https://doi.org/10.1007/978-981-32-9244-4_7

Study on the Smart Speaker Security Evaluations and Countermeasures. / Lee, Jiseop; Kang, Sooyoung; Kim, Seung-Joo.

Advanced Multimedia and Ubiquitous Engineering - MUE/FutureTech 2019. ed. / Laurence T. Yang; Fei Hao; Young-Sik Jeong; James J. Park. Springer Verlag, 2020. p. 50-70 (Lecture Notes in Electrical Engineering; Vol. 590).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, J, Kang, S & Kim, S-J 2020, Study on the Smart Speaker Security Evaluations and Countermeasures. in LT Yang, F Hao, Y-S Jeong & JJ Park (eds), Advanced Multimedia and Ubiquitous Engineering - MUE/FutureTech 2019. Lecture Notes in Electrical Engineering, vol. 590, Springer Verlag, pp. 50-70, 13th International Conference on Multimedia and Ubiquitous Engineering, MUE 2019 and 14th International Conference on Future Information Technology, Future Tech 2019, Xian, China, 19/4/24. https://doi.org/10.1007/978-981-32-9244-4_7

@inproceedings{1fdfc1df55724f45b82bf77e8e7e178a,

title = "Study on the Smart Speaker Security Evaluations and Countermeasures",

abstract = "The smart speaker provides users with useful functions such as music playback and online search with simple operation. However, since smart speakers always wait for the user’s voice, if they are exposed to security threats, serious problems can occur such as eavesdropping and privacy disclosure. Therefore, in order to provide improved security for of all smart speakers, it is necessary to identify potential security threats and systematically investigate vulnerabilities. In this paper, we perform security threat modeling for four products with high market share. STRIDE threat modeling was used to make a checklist for systematic vulnerability checks and the checklist was used to check vulnerabilities of commercial devices. Here, we propose a new method to improve the security of smart speaker through the analysis of the vulnerability check result and the vulnerability of each product.",

keywords = "Smart speaker, STRIDE, Threat modeling",

author = "Jiseop Lee and Sooyoung Kang and Seung-Joo Kim",

year = "2020",

month = "1",

day = "1",

doi = "10.1007/978-981-32-9244-4_7",

language = "English",

isbn = "9789813292437",

series = "Lecture Notes in Electrical Engineering",

publisher = "Springer Verlag",

pages = "50--70",

editor = "Yang, {Laurence T.} and Fei Hao and Young-Sik Jeong and Park, {James J.}",

booktitle = "Advanced Multimedia and Ubiquitous Engineering - MUE/FutureTech 2019",

note = "13th International Conference on Multimedia and Ubiquitous Engineering, MUE 2019 and 14th International Conference on Future Information Technology, Future Tech 2019 ; Conference date: 24-04-2019 Through 26-04-2019",

}

TY - GEN

T1 - Study on the Smart Speaker Security Evaluations and Countermeasures

AU - Lee, Jiseop

AU - Kang, Sooyoung

AU - Kim, Seung-Joo

PY - 2020/1/1

Y1 - 2020/1/1

N2 - The smart speaker provides users with useful functions such as music playback and online search with simple operation. However, since smart speakers always wait for the user’s voice, if they are exposed to security threats, serious problems can occur such as eavesdropping and privacy disclosure. Therefore, in order to provide improved security for of all smart speakers, it is necessary to identify potential security threats and systematically investigate vulnerabilities. In this paper, we perform security threat modeling for four products with high market share. STRIDE threat modeling was used to make a checklist for systematic vulnerability checks and the checklist was used to check vulnerabilities of commercial devices. Here, we propose a new method to improve the security of smart speaker through the analysis of the vulnerability check result and the vulnerability of each product.

AB - The smart speaker provides users with useful functions such as music playback and online search with simple operation. However, since smart speakers always wait for the user’s voice, if they are exposed to security threats, serious problems can occur such as eavesdropping and privacy disclosure. Therefore, in order to provide improved security for of all smart speakers, it is necessary to identify potential security threats and systematically investigate vulnerabilities. In this paper, we perform security threat modeling for four products with high market share. STRIDE threat modeling was used to make a checklist for systematic vulnerability checks and the checklist was used to check vulnerabilities of commercial devices. Here, we propose a new method to improve the security of smart speaker through the analysis of the vulnerability check result and the vulnerability of each product.

KW - Smart speaker

KW - STRIDE

KW - Threat modeling

UR - http://www.scopus.com/inward/record.url?scp=85071858766&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85071858766&partnerID=8YFLogxK

U2 - 10.1007/978-981-32-9244-4_7

DO - 10.1007/978-981-32-9244-4_7

M3 - Conference contribution

AN - SCOPUS:85071858766

SN - 9789813292437

T3 - Lecture Notes in Electrical Engineering

SP - 50

EP - 70

BT - Advanced Multimedia and Ubiquitous Engineering - MUE/FutureTech 2019

A2 - Yang, Laurence T.

A2 - Hao, Fei

A2 - Jeong, Young-Sik

A2 - Park, James J.

PB - Springer Verlag

T2 - 13th International Conference on Multimedia and Ubiquitous Engineering, MUE 2019 and 14th International Conference on Future Information Technology, Future Tech 2019

Y2 - 24 April 2019 through 26 April 2019

ER -

Access to Document

10.1007/978-981-32-9244-4_7