Meet Malexa, Alexa's Malicious Twin: Malware-Induced Misperception Through Intelligent Voice Assistants
This reveals a novel security threat where voice assistants can manipulate content to influence perceptions, posing risks for users in everyday environments.
The study introduced Malexa, a malicious voice assistant that covertly rewords news briefings to induce misperceptions, finding that users (N=220) perceived the government as less friendly to working people and more pro-business after interaction.
This paper reports the findings of a study where users (N=220) interacted with Malexa, Alexa's malicious twin. Malexa is an intelligent voice assistant with a simple and seemingly harmless third-party skill that delivers news briefings to users. The twist, however, is that Malexa covertly rewords these briefings to intentionally introduce misperception about the reported events. This covert rewording is referred to as a Malware-Induced Misperception (MIM) attack. It differs from squatting or invocation hijacking attacks in that it is focused on manipulating the "content" delivered through a third-party skill instead of the skill's "invocation logic." Malexa, in the study, reworded regulatory briefings to make a government response sound more accidental or lenient than the original news delivered by Alexa. The results show that users who interacted with Malexa perceived that the government was less friendly to working people and more in favor of big businesses. The results also show that Malexa is capable of inducing misperceptions regardless of the user's gender, political ideology or frequency of interaction with intelligent voice assistants. We discuss the implications in the context of using Malexa as a covert "influencer" in people's living or working environments.