Penetration Testing of the Amazon Echo Digital Voice Assistant Using a Denial-of-Service Attack

Document Type

Conference Proceeding

Publication Date


Publication Title

IEEE SoutheastCon 2019 Conference Proceeding








With so much time spent on innovating Internet of Things (IoT) devices, it is believed that not enough time is spent on developing security standards of these devices. Many consumers are especially concerned about the security and privacy of IoT devices. The purpose of this paper is to test an Amazon Echo's vulnerability against a Denial-of-Service (DoS) attack. Using a test wireless network, and assuming that a cyber-criminal already has access to your home network, we monitored the network traffic of the Amazon Echo while it is under a DoS attack. We then used one instance of Kali Linux to perform the attacks on the device, while another instance of Kali was used to monitor the network during the attack. The attackable to cause the device to crash and disconnect from the network. We were also able to analyze the network traffic using Wireshark and show where the network packets were dropping during the attack. We found that initiating a Denial-of-Service attack on an Amazon Echo device could be a fairly easy task. In this paper, we pointed out that if an attacker has the knowledge and ability to gain access to a home network, it can be quite easy to obtain information about the connected devices, using free and relatively simple penetration tools within Kali Linux. Also, proceed to render attacked devices useless by knocking them off the home network.


© Copyright 2020 IEEE - All rights reserved.