Intelligent Virtual Assistant knows Your Life

TL;DR

This paper examines the privacy risks associated with cloud-based intelligent virtual assistants like Alexa, analyzing user data to reveal personal lifestyle patterns and highlighting potential security threats.

Contribution

It categorizes IVA-related data types and demonstrates how user lifestyle insights can be derived from Alexa usage data, emphasizing privacy concerns.

Findings

User interests and habits can be inferred from IVA data

Sleep and wakeup patterns are detectable from usage logs

Privacy threats to IVA users are significant and warrant attention.

Abstract

In the IoT world, intelligent virtual assistant (IVA) is a popular service to interact with users based on voice command. For optimal performance and efficient data management, famous IVAs like Amazon Alexa and Google Assistant usually operate based on the cloud computing architecture. In this process, a large amount of behavioral traces that include user voice activity history with detailed descriptions can be stored in the remote servers within an IVA ecosystem. If those data (as also known as IVA cloud native data) are leaked by attacks, malicious person may be able to not only harvest detailed usage history of IVA services, but also reveals additional user related information through various data analysis techniques. In this paper, we firstly show and categorize types of IVA related data that can be collected from popular IVA, Amazon Alexa. We then analyze an experimental dataset covering three months with Alexa service, and characterize the properties of user lifestyle and life patterns. Our results show that it is possible to uncover new insights on personal information such as user interests, IVA usage patterns and sleeping, wakeup patterns. The results presented in this paper provide important implications for and privacy threats to IVA vendors and users as well.