Voice-assisted technologies entered the marketplace in 2009 with the introduction of Google Voice. One year later, Apple introduced Siri, and Samsung followed in short order with the introduction of S Voice in 2012.
Originally intended for accommodating hands-free use of mobile devices, voice-assisted technologies have moved far beyond a smartphone feature to become an integral component of the smart devices many of us use at home and on the go.
According to PEW Research Center survey results released in November 2019, a quarter of all U.S. households are now using voice-activated assistants like Amazon Echo or Google Home. Half of the survey respondents expressed concern about the amount of personal data these devices collect. The concern is not unfounded.
One of the first examples of how things can go wrong was widely reported in 2017. A television news station ran a story that triggered devices without permission.
The human-interest story was about a little girl inadvertently placing an order for dollhouses when conversing with her parents’ Amazon Alexa. The story ended with the anchor saying the words “Alexa ordered me a dollhouse.” That phrase “woke up” home devices that then also attempted to place orders for dollhouses.
Voice assistants are convenient, but what if it’s not your voice? Things are further complicated by the fact that third-party developers provide add-on functions for everything from ordering food to managing bank accounts.
Lack of security can allow bad actors, through these third-party applications, to take over voice-assisted devices and gain access to private information.
Yuan Tian, an assistant professor in the Department of Computer Science at the University of Virginia School of Engineering, recently earned a CAREER AWARD from the National Science Foundation for developing advanced methods to secure voice-user interfaces and “internet of things” platforms.
Through the CAREER Award program, the National Science Foundation recognizes early-career faculty who have the potential to serve as academic role models in research and education and to lead advances in the mission of their departments or organizations.
Tian earned a master’s degree at Beijing University of Posts and Telecommunications, where she researched methods to protect intellectual property rights on smartphones. She transitioned to her doctoral research at Carnegie Mellon University just as internet of things technology was gaining popularity.
“Voice-user interfaces were becoming a feature in a wide range of cyber-physical systems applications, for everything from health care, to shopping, to even remote control of cars,” Tian said. “It was becoming critical to not only protect voice-activated devices from malicious takeovers, but also to protect the information they collect.”
Tian undertook several industry research internships as well. She worked with Microsoft and Facebook to advance their authentication security protocols and served as a security intern at Samsung, where she contributed to a safer Android operating system.
Tian credits these internships with providing valuable insights for the translation of ideas into commercial adoption. “There are real-world constraints and limitations that must be considered,” she said.
After completing her doctoral research in 2017, Tian joined UVA Engineering’s Department of Computer Science and became a participating faculty member in UVA Engineering’s Link Lab. There she joins close to 40 faculty and 200 graduate researchers all devoted to interdisciplinary research in cyber-physical systems.
In her lab at UVA, she has set out to develop methods for assessing security threats to voice-user interfaces, the cyber-physical system component used in many internet of things devices like Amazon Echo and Google Home.
Assistant professor Yuan Tian’s research uses machine learning voice testing to assess security threats to voice-user interfaces, the cyber-physical component used in many internet of things devices like Amazon Echo and Google Home.