Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2017/

<< previous next >>

Echo Hacking: Demystifying Intelligent Personal Assistant

Ashritha H

4 vote(s)

When I read about home automation and amazon Echo I was extremely excited and wanted to get my hands on the device. Soon enough, the excitement transformed to apprehension and subsequently a lot of curiosity. Now, I was keen on understanding the working of echo and the security implications of having an "Intelligent" Personal Assistant.

Considering that "Alexa" would be an entry point to control all smart devices; I was eager to understand whether it maintains conversations at all. If yes, where and how was it being saved. Can an attacker find a way to engage Alexa as a medium to eavesdrop on conversations I was having. On a broader note, it was fascinating that I now had an "Intelligent" Personal Assistant. However, on the flip side, I wasn't certain about how much I could trust or whether I should trust the device at all with all the personal information.

The primary focus during the talk would be to illustrate the approach I followed to uncover the answers regarding the security of my data obtained by Echo. Furthermore, I will talk about the architecture and the protocols used for communication. I will also talk about any security loopholes identified.

On a final note, I will talk about the security considerations to be made while using Echo. With the growing demand for home automation, this would perhaps enable individuals on modeling the same, securely.

About Ashritha H

Ashritha H is a Web Application Pentester and a Security enthusiast. She has over the last 6 years been part of the security industry and developed niche security skill sets. She has carried security assessments ranging from vulnerability assessments to mobile security assessments and social engineering.

She has been working with RSA as Sr. Software Quality Engineer since June 2016 and is based out of Bangalore. She helps the team identify security vulnerabilities and fix the same; hence aiding in building a secure product.

Ashritha started her career in 2010 as Security Engineer with Paladion Networks and went on to handle various responsibilities. She was handling the delivery for all security testing assignments for clients based in UK and US regions before moving into product security.