A Closer Look at Access Control in Multi-User Voice Systems

Voice-controlled systems have revolutionized user interactions, making technology more accessible and intuitive across various settings. In multi-user environments, such as households, voice assistants like Amazon Alexa are favored as they enable seamless interaction with devices and services. However, the convenience these systems offer comes with challenges, especially concerning privacy and security. In environments where multiple users interact with the same voice assistant, the need for sophisticated access control mechanisms becomes apparent to prevent unauthorized access to sensitive information. This study assesses the effectiveness of voice access control mechanisms within these multi-user contexts, shedding light on the inherent privacy risks associated with shared voice-controlled systems. First, the study demonstrates vulnerabilities in the current access control mechanisms concerning users' private data. Second, a framework for automated testing is developed to explore the access control weaknesses and determine whether the accessible data is of consequence, as not all information may be equally sensitive or vital to users. Third, two flaws within the access control mechanisms offered by the voice system are identified, highlighting the susceptibility of existing access controls to unauthorized access. Finally, the study reveals that operations on the system are protected, whereas other operations that are not protected still reveal user's private information. These findings underscore the need for enhanced privacy safeguards and improved access control systems in multi-user environments. Recommendations are offered to mitigate risks associated with unauthorized access, focusing on securing the user's private data on the voice assistant.