Research Colloquium talk – Meet Malexa, Alexa’s Malicious Twin: Ambient Tactical Deception Attacks on Intelligent Voice Assistants

Talk Overview

Malexa is an intelligent voice assistant with a simple and seemingly legitimate third-party skill that delivers news briefings to users. The twist, however, is that Malexa covertly rewords these briefings to introduce misperception about the reported events intentionally. This covert rewording is what we call an Ambient Tactical Deception (ATD) attack. It differs from squatting or invocation hijacking attacks in that it is focused on manipulating the “content” instead of the “invocation logic.” Malexa dynamically manipulates news briefings to make a government response sound more accidental or lenient than the original news delivered by Amazon Alexa. A study with 220 participants was conducted to assess Malexa’s effect on inducing misperceptions and covert manipulation of reality. We found that users who interacted with Malexa perceived that the government was less friendly to working people and more in favor of big businesses, regardless of their political ideology or frequency of interaction. These findings express the potential of Malexa becoming a covert “influencer” aiming to disrupt the current political climate, particularly the build-up to the 2020 presidential elections in the United States.

When: Friday, January 17, 1-2:00pm

Where: CDM Theater 708

Who: Dr. Filipo Sharevski, Assistant Professor, DePaul University

Now the colloquium talks are live-streamed and available on YouTube!

Speaker bio: Filipo Sharevski is a cybersecurity researcher and tactician who constructs and manipulates reality as it unfolds across the cyber-physical spaces and within power structures, particularly focused on social engineering, reality interventions, resistances, and low-intensity cyberwarfare. His academic work has been published internationally, including a book on cellular network forensics, cybersecurity curriculum under the Cybersecurity National Action Plan (CNAP), and academic articles in renewed cybersecurity journals and conferences. His research areas include; Ambient Tactical Deception; malicious user experience design; secure design, divergence and deception in human communication and interaction; psychological operations; cyberwarfare; behavioral security in cellular and cyber-physical systems. Dr. Sharevski holds a Ph.D. in Interdisciplinary Cybersecurity from Purdue University, West Lafayette. He is currently an Assistant Professor in the College of Computing and Digital Media at DePaul University, where he co-founded and co-directs the Divergent Design Lab. He also leads the 5G De-Mobile Lab focused on behavioral security and forensics research in future cellular networks.