Voice assistants have become quite popular lately while in parallel they are
an important part of smarthome systems. Through their voice assistants, users
can perform various tasks, control other devices and enjoy third party
services. The assistants are part of a wider ecosystem. Their function relies
on the users voice commands, received through original voice assistant devices
or companion applications for smartphones and tablets, which are then sent
through the internet to the vendor cloud services and are translated into
commands. These commands are then transferred to other applications and
services. As this huge volume of data, and mainly personal data of the user,
moves around the voice assistant ecosystem, there are several places where
personal data is temporarily or permanently stored and thus it is easy for a
cyber attacker to tamper with this data, bringing forward major privacy issues.
In our work we present the types and location of such personal data artifacts
within the ecosystems of three popular voice assistants, after having set up
our own testbed, and using IoT forensic procedures. Our privacy evaluation
includes the companion apps of the assistants, as we also compare the
permissions they require before their installation on an Android device.

By admin