31 August 2018

A few weeks ago at USENIX Security’18, we reported on an emerging threat vector in the Internet of Things – voice-controlled devices like the Amazon Echo will sometimes misinterpret commands, a fact that can be exploited by an attacker to trick them into using a malicious app. Sean Gallagher, an IT Editor for Ars Techica, released an article today about this study. In a piece he calls Mad Skills (we’re so angry we didn’t think of that as our paper title!), he profiles our work and also discusses some other recent findings pointing to the fact that voice-controlled device interfaces are increasingly insecure. Congrats to student authors Riccardo, Deepak, and Paul Murley for this awesome work and well-deserved exposure!