Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles

Wenbo Ding; Song Liao; Keyan Guo; Fuqiang Zhang; Long Cheng; Ziming Zhao; Hongxin Hu

doi:10.1007/978-3-031-51630-6_1

Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles

Wenbo Ding
, Song Liao
, Keyan Guo
, Fuqiang Zhang
, Long Cheng
, Ziming Zhao
, Hongxin Hu

Department of Computer Science and Engineering

SUNY Buffalo
Clemson University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Voice assistant platforms have revolutionized user interactions with connected vehicles, providing the convenience of controlling them through simple voice commands. However, this innovation also brings about significant cyber-risks to voice-controlled vehicles. This paper presents a novel attack that showcases the ability of a “malicious” skill, utilizing the skill ranking system on the Alexa platform, to hijack voice commands originally intended for a benign third-party connected vehicle skill. Through our evaluation, we demonstrate the effectiveness of this attack by successfully hijacking commonly used commands in commercial connected vehicle skills.

Original language	English
Title of host publication	Security and Privacy in Cyber-Physical Systems and Smart Vehicles - First EAI International Conference, SmartSP 2023, Proceedings
Editors	Yu Chen, Chung-Wei Lin, Bo Chen, Qi Zhu
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	3-14
Number of pages	12
ISBN (Print)	9783031516290
DOIs	https://doi.org/10.1007/978-3-031-51630-6_1
State	Published - 2024
Event	1st EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles, SmartSP 2023 - Chicago, United States Duration: Oct 12 2023 → Oct 13 2023

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	552 LNICST
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	1st EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles, SmartSP 2023
Country/Territory	United States
City	Chicago
Period	10/12/23 → 10/13/23

Keywords

Alexa
Connected Vehicle
Voice Assistant Skills

Access to Document

10.1007/978-3-031-51630-6_1

Cite this

Ding, W., Liao, S., Guo, K., Zhang, F., Cheng, L., Zhao, Z., & Hu, H. (2024). Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles. In Y. Chen, C.-W. Lin, B. Chen, & Q. Zhu (Eds.), Security and Privacy in Cyber-Physical Systems and Smart Vehicles - First EAI International Conference, SmartSP 2023, Proceedings (pp. 3-14). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 552 LNICST). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-51630-6_1

Ding, Wenbo ; Liao, Song ; Guo, Keyan et al. / Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles. Security and Privacy in Cyber-Physical Systems and Smart Vehicles - First EAI International Conference, SmartSP 2023, Proceedings. editor / Yu Chen ; Chung-Wei Lin ; Bo Chen ; Qi Zhu. Springer Science and Business Media Deutschland GmbH, 2024. pp. 3-14 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{ba528acc099e441d89a0d533dc3f0ba2,

title = "Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles",

abstract = "Voice assistant platforms have revolutionized user interactions with connected vehicles, providing the convenience of controlling them through simple voice commands. However, this innovation also brings about significant cyber-risks to voice-controlled vehicles. This paper presents a novel attack that showcases the ability of a “malicious” skill, utilizing the skill ranking system on the Alexa platform, to hijack voice commands originally intended for a benign third-party connected vehicle skill. Through our evaluation, we demonstrate the effectiveness of this attack by successfully hijacking commonly used commands in commercial connected vehicle skills.",

keywords = "Alexa, Connected Vehicle, Voice Assistant Skills",

author = "Wenbo Ding and Song Liao and Keyan Guo and Fuqiang Zhang and Long Cheng and Ziming Zhao and Hongxin Hu",

note = "Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2024.; 1st EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles, SmartSP 2023 ; Conference date: 12-10-2023 Through 13-10-2023",

year = "2024",

doi = "10.1007/978-3-031-51630-6\_1",

language = "English",

isbn = "9783031516290",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "3--14",

editor = "Yu Chen and Chung-Wei Lin and Bo Chen and Qi Zhu",

booktitle = "Security and Privacy in Cyber-Physical Systems and Smart Vehicles - First EAI International Conference, SmartSP 2023, Proceedings",

address = "Germany",

}

Ding, W, Liao, S, Guo, K, Zhang, F, Cheng, L, Zhao, Z & Hu, H 2024, Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles. in Y Chen, C-W Lin, B Chen & Q Zhu (eds), Security and Privacy in Cyber-Physical Systems and Smart Vehicles - First EAI International Conference, SmartSP 2023, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 552 LNICST, Springer Science and Business Media Deutschland GmbH, pp. 3-14, 1st EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles, SmartSP 2023, Chicago, United States, 10/12/23. https://doi.org/10.1007/978-3-031-51630-6_1

Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles. / Ding, Wenbo; Liao, Song; Guo, Keyan et al.
Security and Privacy in Cyber-Physical Systems and Smart Vehicles - First EAI International Conference, SmartSP 2023, Proceedings. ed. / Yu Chen; Chung-Wei Lin; Bo Chen; Qi Zhu. Springer Science and Business Media Deutschland GmbH, 2024. p. 3-14 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 552 LNICST).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles

AU - Ding, Wenbo

AU - Liao, Song

AU - Guo, Keyan

AU - Zhang, Fuqiang

AU - Cheng, Long

AU - Zhao, Ziming

AU - Hu, Hongxin

N1 - Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2024.

PY - 2024

Y1 - 2024

N2 - Voice assistant platforms have revolutionized user interactions with connected vehicles, providing the convenience of controlling them through simple voice commands. However, this innovation also brings about significant cyber-risks to voice-controlled vehicles. This paper presents a novel attack that showcases the ability of a “malicious” skill, utilizing the skill ranking system on the Alexa platform, to hijack voice commands originally intended for a benign third-party connected vehicle skill. Through our evaluation, we demonstrate the effectiveness of this attack by successfully hijacking commonly used commands in commercial connected vehicle skills.

AB - Voice assistant platforms have revolutionized user interactions with connected vehicles, providing the convenience of controlling them through simple voice commands. However, this innovation also brings about significant cyber-risks to voice-controlled vehicles. This paper presents a novel attack that showcases the ability of a “malicious” skill, utilizing the skill ranking system on the Alexa platform, to hijack voice commands originally intended for a benign third-party connected vehicle skill. Through our evaluation, we demonstrate the effectiveness of this attack by successfully hijacking commonly used commands in commercial connected vehicle skills.

KW - Alexa

KW - Connected Vehicle

KW - Voice Assistant Skills

UR - https://www.scopus.com/pages/publications/85185710742

U2 - 10.1007/978-3-031-51630-6_1

DO - 10.1007/978-3-031-51630-6_1

M3 - Conference contribution

AN - SCOPUS:85185710742

SN - 9783031516290

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 3

EP - 14

BT - Security and Privacy in Cyber-Physical Systems and Smart Vehicles - First EAI International Conference, SmartSP 2023, Proceedings

A2 - Chen, Yu

A2 - Lin, Chung-Wei

A2 - Chen, Bo

A2 - Zhu, Qi

PB - Springer Science and Business Media Deutschland GmbH

T2 - 1st EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles, SmartSP 2023

Y2 - 12 October 2023 through 13 October 2023

ER -

Ding W, Liao S, Guo K, Zhang F, Cheng L, Zhao Z et al. Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles. In Chen Y, Lin CW, Chen B, Zhu Q, editors, Security and Privacy in Cyber-Physical Systems and Smart Vehicles - First EAI International Conference, SmartSP 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. p. 3-14. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-031-51630-6_1