Why Am I Seeing Double? An Investigation of Device Management Flaws in Voice Assistant Platforms

Muslum Ozgur Ozmen; Mehmet Oguz Sakaoglu; Jackson Bizjak; Jianliang Wu; Antonio Bianchi; Dave (Jing) Tian; Z. Berkay Celik

Why Am I Seeing Double? An Investigation of Device Management Flaws in Voice Assistant Platforms

Authors: Muslum Ozgur Ozmen (Arizona State University), Mehmet Oguz Sakaoglu (Purdue University), Jackson Bizjak (Purdue University), Jianliang Wu (Simon Fraser University), Antonio Bianchi (Purdue University), Dave (Jing) Tian (Purdue University), Z. Berkay Celik (Purdue University)

Volume: 2025
Issue: 2
Pages: 719–733
DOI: https://doi.org/10.56553/popets-2025-0084

Download PDF

Abstract: In Voice Assistant (VA) platforms, when users add devices to their accounts and give voice commands, complex interactions occur between the devices, skills, VA clouds, and vendor clouds. These interactions are governed by the device management capabilities (DMC) of VA platforms, which rely on device names, types, and associated skills in the user account. Prior work studied vulnerabilities in specific VA components, such as hidden voice commands and bypassing skill vetting. However, the security and privacy implications of device management flaws have largely been unexplored. In this paper, we introduce DMC-Xplorer, a testing framework for the automated discovery of VA device management flaws. We first introduce VA description language (VDL), a new domain-specific language to create VA environments for testing, using VA and skill developer APIs. DMC-Xplorer then selects VA parameters (device names, types, vendors, actions, and skills) in a combinatorial approach and creates VA environments with VDL. It issues real voice commands to the environment via developer APIs and logs event traces. It validates the traces against three formal security properties that define the secure operation of VA platforms. Lastly, DMC-Xplorer identifies the root cause of property violations through intervention analysis to identify VA device management flaws. We exercised DMC-Xplorer on Amazon Alexa and Google Home and discovered two design flaws that can be exploited to launch four attacks. We show that malicious skills with default permissions can eavesdrop on privacy-sensitive device states, prevent users from controlling their devices, and disrupt the services on the VA cloud.

Keywords: IoT, voice assistant platforms, privacy, security

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.