Voice Command Fingerprinting with Locality Sensitive Hashes

ABSTRACTSmart home speakers are deployed in millions of homes around the world. These speakers enable users to interact with other IoT devices in the household and provide voice assistance such as telling the weather and reminding appointments. Although smart home speakers facilitate many aspects of our life, security and privacy concerns should be analyzed and addressed. In this paper, we show that an attacker sniffing the network traffic of smart speakers can infer voice commands and compromise the privacy of users. Specifically, we propose a method that utilizes the network traffic of the speakers to fingerprint the voice commands of users without a need for extracting traffic features with machine learning algorithms. We evaluated the proposed method on traffic traces of 100 different voice commands on smart home speakers. Our approach correctly infers 42% of voice commands while machine learning models infer 22% to 34%. We also evaluated the effectiveness of the padding method recommended for preventing voice command fingerprinting and observed that the accuracy of proposed fingerprinting method drops down to 15% and accuracy of machine learning methods ranges from 6% to 15% with traffic padding.