Penetration Testing of the Amazon Echo Digital Voice Assistant Using a Denial-of-Service Attack
IEEE SoutheastCon 2019 Conference Proceeding
With so much time spent on innovating Internet of Things (IoT) devices, it is believed that not enough time is spent on developing security standards of these devices. Many consumers are especially concerned about the security and privacy of IoT devices. The purpose of this paper is to test an Amazon Echo's vulnerability against a Denial-of-Service (DoS) attack. Using a test wireless network, and assuming that a cyber-criminal already has access to your home network, we monitored the network traffic of the Amazon Echo while it is under a DoS attack. We then used one instance of Kali Linux to perform the attacks on the device, while another instance of Kali was used to monitor the network during the attack. The attackable to cause the device to crash and disconnect from the network. We were also able to analyze the network traffic using Wireshark and show where the network packets were dropping during the attack. We found that initiating a Denial-of-Service attack on an Amazon Echo device could be a fairly easy task. In this paper, we pointed out that if an attacker has the knowledge and ability to gain access to a home network, it can be quite easy to obtain information about the connected devices, using free and relatively simple penetration tools within Kali Linux. Also, proceed to render attacked devices useless by knocking them off the home network.
Overstreet, Johnathan Dain, Hayden Wimmer, Rami Haddad.
"Penetration Testing of the Amazon Echo Digital Voice Assistant Using a Denial-of-Service Attack."
IEEE SoutheastCon 2019 Conference Proceeding: IEEE Xplore.
doi: https://doi.org/10.1109/SoutheastCon42311.2019.9020329 source: https://doi.org/10.1109/SoutheastCon42311.2019.9020329 isbn: 978-1-7281-0137-8