Word of the Day: voice squatting (skill squatting)

Word of the Day Daily updates on the latest technology terms | June 11, 2019 voice squatting (skill squatting) Voice squatting is an attack vector for voice user interfaces (VUIs) that exploits homonyms (words that sound the same but are spelled differently) and input errors (words that are mispronounced). The attack vector is similar to a text-based exploit called typosquatting. Virtual assistants like Amazon Echo's Alexa use voice keywords to open third-party applications. An attacker who is voice squatting will register a bogus third-party app with a voice keyword that sounds similar to a legitimate third-party app. The hope is that when an end user requests the legitimate app, Alexa will open the counterfeit app instead. For example, if there is a legitimate app called Library, an attacker may create a listening app and register it with Amazon under the voice keyword libary, which is a common mispronunciation of the word. Or an attacker may see there is a genuine banking app called Goldman Sachs and register the voice keywords goldmine sacks to try and trick Alexa into opening the attacker's app instead of the legitimate banking app. Voice squatting is also known as skill squatting because Amazon refers to third-party apps as skills. Voice squatting is dangerous because skills can run in the background for long periods of time undetected. In addition to recording users without their permission or knowledge, voice squatting could be used to broadcast fake news or prompt users to divulge personally identifiable information (PII). Quote of the Day "As VUIs become more commonplace in the workplace, expect to see numerous security issues arise as a result of security being an afterthought of the build." - George Lawton Trending Terms voice user interface typosquatting virtual assistant counterfeit app personally identifiable information cybersquatting Learning Center Voice user interfaces coming to the enterprise Voice user interfaces are likely for the next generation of ERP and other business applications. Here's what organizations should know. How virtual assistant technology will affect the enterprise The next generation of mobile devices will include more advanced virtual assistant technology. Learn how this will change the future of IT and what you can do about it. 3 reasons Google Assistant Duplex raises security, privacy concerns Google Duplex is expanding how we think of virtual assistants, providing a human-like voice for machine-to-human interactions. Despite excitement about the technology's advancement, Google Assistant Duplex raises several concerns about privacy and security. Alexa for Business sounds promising, but security a concern The success of Alexa for Business as a productivity virtual assistant could hinge on overcoming enterprise concerns around security and data privacy. Bot security through AI openness As the use of AI systems increases and worries about AI and bot security mount, some organizations are looking to boost AI openness to handle potential security problems. Quiz Yourself Voice search is better than text for a number of applications________ getting stock quotes and movie times. a. beside b. besides Answer Stay in Touch For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com Visit the Word of the Day Archives and catch up on what you've missed! FOLLOW US About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.