TY - JOUR
T1 - Penetration Testing of the Amazon Echo Digital Voice Assistant Using a Denial-of-Service Attack
AU - Overstreet, Johnathan Dain
AU - Wimmer, Hayden
AU - Haddad, Rami
PY - 2020/3/5
Y1 - 2020/3/5
N2 - With so much time spent on innovating Internet of Things (IoT) devices, it is believed that not enough time is spent on developing security standards of these devices. Many consumers are especially concerned about the security and privacy of IoT devices. The purpose of this paper is to test an Amazon Echo's vulnerability against a Denial-of-Service (DoS) attack. Using a test wireless network, and assuming that a cyber-criminal already has access to your home network, we monitored the network traffic of the Amazon Echo while it is under a DoS attack. We then used one instance of Kali Linux to perform the attacks on the device, while another instance of Kali was used to monitor the network during the attack. The attackable to cause the device to crash and disconnect from the network. We were also able to analyze the network traffic using Wireshark and show where the network packets were dropping during the attack. We found that initiating a Denial-of-Service attack on an Amazon Echo device could be a fairly easy task. In this paper, we pointed out that if an attacker has the knowledge and ability to gain access to a home network, it can be quite easy to obtain information about the connected devices, using free and relatively simple penetration tools within Kali Linux. Also, proceed to render attacked devices useless by knocking them off the home network.
AB - With so much time spent on innovating Internet of Things (IoT) devices, it is believed that not enough time is spent on developing security standards of these devices. Many consumers are especially concerned about the security and privacy of IoT devices. The purpose of this paper is to test an Amazon Echo's vulnerability against a Denial-of-Service (DoS) attack. Using a test wireless network, and assuming that a cyber-criminal already has access to your home network, we monitored the network traffic of the Amazon Echo while it is under a DoS attack. We then used one instance of Kali Linux to perform the attacks on the device, while another instance of Kali was used to monitor the network during the attack. The attackable to cause the device to crash and disconnect from the network. We were also able to analyze the network traffic using Wireshark and show where the network packets were dropping during the attack. We found that initiating a Denial-of-Service attack on an Amazon Echo device could be a fairly easy task. In this paper, we pointed out that if an attacker has the knowledge and ability to gain access to a home network, it can be quite easy to obtain information about the connected devices, using free and relatively simple penetration tools within Kali Linux. Also, proceed to render attacked devices useless by knocking them off the home network.
UR - https://digitalcommons.georgiasouthern.edu/information-tech-facpubs/107
UR - https://doi.org/10.1109/SoutheastCon42311.2019.9020329
U2 - 10.1109/SoutheastCon42311.2019.9020329
DO - 10.1109/SoutheastCon42311.2019.9020329
M3 - Article
JO - IEEE SoutheastCon 2019 Conference Proceeding
JF - IEEE SoutheastCon 2019 Conference Proceeding
ER -