Penetration Testing of the Amazon Echo Digital Voice Assistant Using a Denial-of-Service Attack

Johnathan Dain Overstreet, Hayden Wimmer, Rami Haddad

Research output: Contribution to journalArticlepeer-review

14 Scopus citations

Abstract

With so much time spent on innovating Internet of Things (IoT) devices, it is believed that not enough time is spent on developing security standards of these devices. Many consumers are especially concerned about the security and privacy of IoT devices. The purpose of this paper is to test an Amazon Echo's vulnerability against a Denial-of-Service (DoS) attack. Using a test wireless network, and assuming that a cyber-criminal already has access to your home network, we monitored the network traffic of the Amazon Echo while it is under a DoS attack. We then used one instance of Kali Linux to perform the attacks on the device, while another instance of Kali was used to monitor the network during the attack. The attackable to cause the device to crash and disconnect from the network. We were also able to analyze the network traffic using Wireshark and show where the network packets were dropping during the attack. We found that initiating a Denial-of-Service attack on an Amazon Echo device could be a fairly easy task. In this paper, we pointed out that if an attacker has the knowledge and ability to gain access to a home network, it can be quite easy to obtain information about the connected devices, using free and relatively simple penetration tools within Kali Linux. Also, proceed to render attacked devices useless by knocking them off the home network.

Original languageAmerican English
JournalIEEE SoutheastCon 2019 Conference Proceeding
DOIs
StatePublished - Mar 5 2020

DC Disciplines

  • Computer Sciences

Fingerprint

Dive into the research topics of 'Penetration Testing of the Amazon Echo Digital Voice Assistant Using a Denial-of-Service Attack'. Together they form a unique fingerprint.

Cite this