TL;DR
This paper investigates the types of user data accessible via Amazon Alexa APIs, analyzes privacy implications, and explores how these APIs can serve as sources of digital evidence for forensic investigations.
Contribution
It provides a comprehensive analysis of Alexa APIs, identifying accessible user data, potential forensic artefacts, and privacy concerns, which was not previously documented in detail.
Findings
User interaction history is accessible through multiple APIs
Existing deletion options do not remove all user data
APIs can be used as sources of digital evidence
Abstract
With the release of Amazon Alexa and the first Amazon Echo device, the company revolutionised the smart home. It allowed their users to communicate with, and control, their smart home ecosystem purely using voice commands. However, this also means that Amazon processes and stores a large amount of personal data about their users, as these devices are always present and always listening in peoples' private homes. That makes this data a valuable source of evidence for investigators performing digital forensics. The Alexa Voice Service uses a series of APIs for communication between clients and the Amazon cloud. These APIs return a wide range of data related to the functionality of the device used. The first goal of this research was to clarify exactly what kind of information about the user is stored and accessible through these APIs. To do this, a combination of literature review and…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
