Traversing the Quagmire that is Privacy in your Smart Home


Voice has become an increasingly popular User Interaction (UI) channel, with voice-activated devices becoming regular fixtures in our homes. The popularity of voice-based assistants (VAs), however, have brought along significant privacy and security threats to their users. Recent revelations have indicated that some VAs record user’s private conversations continuously and innocuously. With the VAs being connected to the Internet, they can leak the recorded content without the user’s authorization. Moreover, these devices often do not pack authentication mechanisms to check if the voice commands are issued by authorized users. To address both shortcomings, we propose a framework to impose a security and privacy perimeter around the user’s VA. Our proposed framework continuously jams the VA to prevent it from innocuously recording the user’s speech, unless the user issues a voice command. To prevent unauthorized voice commands, our framework provides a scheme similar to two-factor authentication to only grant access when the authorized user is in its vicinity. Our proposed framework achieves both objectives through a combination of several techniques to (a) continuously jam one (or many) VA’s microphones in a manner inaudible to the user, and (b) provide only authenticated users easy access to VAs.

Proceedings of the 2018 Workshop on IoT Security and Privacy