Smart speakers like Amazon Alexa can be controlled by users via voice commands and are very popular. However, these devices have to listen all the time via microphone whether they are being addressed. And how can you be sure that this device is really just doing what it is supposed to, and has not perhaps been hacked and is spying on the user?

One technique to determine the integrity of another device is "remote attestation". Remote attestation techniques allow one device to verify the state of another device. The Working Group for Systems Security at the University of Duisburg-Essen, together with researchers at the Technical University of Darmstadt, within the DFG Collaborative Research Center CROSSING developed a method for users to attest smart speakers called "SCAtt-man". Using their smartphones, users determine if the software of smart speakers is unchanged or if viruses or other malware have been installed. In a user study, the prototype was found to have high usability. In addition, the users indicated that this process increases their confidence in smart speakers and that they would use it if this process were integrated into their smart speakers.

This project will be presented at the ACM Conference on Data and Application Security and Privacy (CODASPY) in Charlotte, NC in the United States in April.