When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers

Daniel J. Dubois 1, Roman Kolcun 2, Anna Maria Mandalari 2, Muhammad Talha Paracha 1, David Choffnes 1, and Hamed Haddadi 2
  • 1 Northeastern University
  • 2 Imperial College London


Internet-connected voice-controlled speakers, also known as smart speakers, are increasingly popular because of their convenience for everyday tasks such as asking about the weather forecast or playing music. However, this convenience comes with privacy risks: smart speakers must listen constantly in order to activate when the “wake word” is spoken, and they are known to transmit audio from their environment and record it on cloud servers. This paper focuses on the privacy risk posed by smart speaker misactivations, i.e., cases in which a speaker activates, transmits, and/or records audio from its environment when the wake word has not been spoken. To enable repeatable, scalable experiments that expose smart speakers to conversations without wake words, we play audio from popular TV shows spanning diverse genres. After playing two rounds of 134 hours of content from 12 TV shows near popular smart speakers in both the US and the UK, we observed on average 0.95 misactivations per hour, or 1.43 misactivations for every 10,000 words spoken, with some devices having 10% of their misactivation durations last at least 10 seconds. We characterize the sources of these misactivations and their implications for consumers, and discuss potential mitigations.
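The two headline rates above can be derived from three raw quantities: the number of observed misactivations, the hours of audio played, and the number of words spoken in that audio. A minimal sketch of that arithmetic, using illustrative placeholder values (not the paper's actual per-device counts) chosen so the output matches the reported rates:

```python
# Hedged sketch: computing misactivation rates from raw experiment
# totals. The input values below are illustrative placeholders, not
# the paper's actual measurement data.

def misactivation_rates(num_misactivations, hours_played, words_spoken):
    """Return (misactivations per hour, misactivations per 10,000 words)."""
    per_hour = num_misactivations / hours_played
    per_10k_words = num_misactivations / words_spoken * 10_000
    return per_hour, per_10k_words

# Hypothetical totals: 255 misactivations over 268 hours
# (two rounds of 134 hours) of audio containing ~1.78M spoken words.
per_hour, per_10k = misactivation_rates(255, 268, 1_780_000)
print(f"{per_hour:.2f} misactivations/hour, {per_10k:.2f} per 10,000 words")
```

Normalizing by both time and word count matters because TV shows differ widely in speech density, so a per-hour rate alone would conflate chatty and quiet content.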
