MegaMind: A platform for security & privacy extensions for voice assistants

Abstract

Voice assistants raise serious security and privacy concerns because they use always-on microphones in sensitive locations (e.g., inside a home) and send audio recordings to the cloud for processing. The cloud transcribes these recordings and interprets them as user requests, and sometimes even shares these requests with third-party services. These steps may result in unintended or malicious voice data leaks and in unauthorized actions, such as a purchase. This paper presents MegaMind, a novel extensible platform that lets a user deploy security and privacy extensions locally on their voice assistant. MegaMind's extensions interpose on requests before sending them to the cloud and on responses before delivering them to the user. MegaMind's programming model enables writing powerful extensions with ease, such as one for secure conversations. Additionally, MegaMind protects against malicious extensions by providing two important guarantees, namely permission enforcement and non-interference. We implement MegaMind and integrate it with Amazon Alexa Service SDK. Our evaluation shows that MegaMind achieves a small conversation latency on platforms with adequate compute power, such as a Raspberry Pi 4 and an x86-based laptop.