Wang is an expert in applied cryptography and teaches network security, data security and privacy. He holds several patents on encrypted data and has published extensively on the topic.
In UC’s Department of Electrical Engineering and Computer Science, Wang and his students are investigating other ways hackers could exploit the devices and potentially steal financial or personal information stored online.
They presented some of their findings last year at the Institute of Electrical and Electronics Engineers’ annual conference on communications and network security.
The UC researchers examined a new passive attack on home speakers, called “voice command fingerprinting,” in which hackers can eavesdrop on data transferred between the smart speaker and the cloud server to learn what questions or commands the user gives the device.
Using machine-learning algorithms, they calculated that with this information alone hackers could correctly infer about one-third of voice commands by eavesdropping on the encrypted information the device sends to and receives from the cloud.
How do they do it?
UC graduate Sean Kennedy and his co-authors built 1,000 traces on an Amazon Echo for 100 common voice commands. The information sent to the cloud each time you ask Alexa for the weather are encrypted. But this data, called a network packet, from each voice command includes predictable traffic patterns like a digital fingerprint, Kennedy said.
“If someone is asking for the weather, that doesn’t reveal a lot,” Kennedy said. “But if you were able to string together other things someone asks a smart speaker, you could use that to do something else like open a garage door.”