Acoustic Attacks in IOT Era: Risks and Mitigations
Usage of Internet of Things (IoT) devices became ubiquitous. IoT is expected to be of more spread, as new ideas emerge on the level of devices and applications. Such--Things-are smart in a manner that they are in connection with each other. Things form some sort of a collaborative network, where they communicate and share data with each other; as well, they are possibly remotely controlled. One possible way of remote control is the use of voice in the control of such devices, known as Voice Controlled Systems (VCS). Whether the IoT device is controlled by voice, or not controlled by voice, in both cases and with proven results, adversaries can perform attacks on such devices using acoustics. We address the use of acoustics in gaining control over such devices. We also address the exposed risks on victim devices, as well as the provided mitigations under the umbrella of Information Technology Infrastructure Library (ITIL) as a framework for security service management. In this paper, we propose a holistic and novel framework based on ITIL that addresses-To the best of our knowledge-the possible risks of acoustic attacks and the possible mitigation techniques. © 2020 ACM.