The Alexa Versus Alexa Attack
摘要
In this chapter, we explore in depth the voice-command self-issue attack. We first introduce Alexa versus Alexa (AvA), an attack discovered in 2021 that leverages self-activation alongside two additional vulnerabilities we found on Amazon Echo Dot devices by applying the HAVOC Kill Chain. Then we compare AvA with other instances of the self-issue attack in Windows and Android systems, and with other similar work. Finally, we assess the current state of the attack (i.e. if nowadays the impact and the attack surface has changed from 2021) and discuss possible future risks stemming from AvA.