Investigating Traffic of Smart Speakers and IoT Devices: Security Issues and Privacy Threats

Smart speakers and voice-based virtual assistants are core building blocks of modern smart homes. For instance, they are used to retrieve information, interact with other devices, and command a variety of Internet of Things (IoT) nodes. To this aim, smart speakers and voice-based assistant typically take advantage of cloud architectures: vocal commands of the user are sampled, sent through the Internet to be processed and sent back for the local execution, e.g., to perform an automation task or activate an IoT device. Even if privacy and security is enforced by means of encryption, features of the traffic, such as, the throughput, the size of protocol data units or the IP addresses, can leak important information about the habits of the users as well as the number and the type of IoT nodes deployed. In this perspective, the chapter showcases risks of machine-learning-capable techniques to develop black-box models to automatically classify traffic and implement privacy leaking attacks. Experimental results collected in a realistic scenario are presented and possible