sesa 20(22): e3

Research Article

Manipulating Users’ Trust on Amazon Echo: Compromising Smart Home from Outside

Download1859 downloads
  • @ARTICLE{10.4108/eai.13-7-2018.163924,
        author={Yuxuan Chen and Xuejing Yuan and Aohui Wang and Kai Chen and Shengzhi Zhang and Heqing Huang},
        title={Manipulating Users’ Trust on Amazon Echo: Compromising Smart Home from Outside},
        journal={EAI Endorsed Transactions on Security and Safety},
        keywords={Internet of Things (IoT) security, Mobile and wireless security, Security of cyber-physical systems},
  • Yuxuan Chen
    Xuejing Yuan
    Aohui Wang
    Kai Chen
    Shengzhi Zhang
    Heqing Huang
    Year: 2020
    Manipulating Users’ Trust on Amazon Echo: Compromising Smart Home from Outside
    DOI: 10.4108/eai.13-7-2018.163924
Yuxuan Chen1, Xuejing Yuan2,3, Aohui Wang2,3, Kai Chen2,3,*, Shengzhi Zhang4, Heqing Huang5
  • 1: Department of Computer Engineering and Sciences, Florida Institute of Technology, USA
  • 2: SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  • 3: School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
  • 4: Department of Computer Science, Metropolitan College, Boston University, USA
  • 5: Bytedance AI lab, USA
*Contact email:


Nowadays, voice control becomes a popular application that allows people to communicate with their devices more conveniently. Amazon Echo, designed around Alexa, is capable of controlling devices, e.g., smart lights, etc. Moreover, with the help of IFTTT (if-this-then-that) service, Amazon Echo’s skill set gets improved significantly. However, people who are enjoying these conveniences may not take security into account. Hence, it becomes important to carefully scrutinize the Echo’s voice control attack surface and the corresponding impacts. In this paper, we proposed MUTAE (Manipulating Users’ Trust on Amazon Echo) attack to remotely compromise Echo’s voice control interface. We also conducted security analysis and performed taxonomy based on different consequences considering the level of trust that users have placed on Echo. Finally, we also proposed mitigation techniques that protect Echo from MUTAE attack.