|dc.description.abstract||Not many years ago, the relationship between society and technology was related to a previous understanding or training of the different ways in which users could interact with them. It was common to receive training to operate different electronic devices such as computers or to receive training to handle various applications, such as spreadsheets for example.
However, technology advances very fast, and it has become more intuitive and more comfortable to interact and incorporate into people's lives almost transparently. Similarly, many of the technology described in numerous science fiction stories in some cases have become a reality today.
One of the latest technologies that simulate having a normal conversation with a human being is digital voice assistants, in which people without any previous training can almost establish a nearly normal conversation with those devices. Smart Personal Assistants (SPA) can help us to simplify activities at home. Similarly, with those devices, one can search for information on the Internet, buy products, make shopping lists, make calls, listen to music and do much more. The opportunities that these devices give us are extensive, and the limits are only tied to what people can do with their voices.
Whereas, to the extent that hands-free digital assistants (SPA) become more prevalent in homes and businesses, different elements of society (Academics, scientists, and engineers) have raised their hands pointing out the risks to the privacy and security that these devices have generated.
There are press reports, and even the companies producing these devices have admitted in some cases that they have heard private conversations that those devices have transmitted without the knowledge of the owners of the SPA.
Although only using voice people can interact with the device; this feature could generate a breach in the security and privacy of the person or family communications exposing the life to unauthorised people or the companies that those devices connect too.
The objective of this thesis is to demonstrate the flaws at the level of confidentiality, integrity, availability, and authentication of SPA devices, which can generate security and protection problems of information that these devices can capture and process.
It will be introduced in this document, the life cycle of the SPA which composed of eight stages. The first is of the interaction between the user and the SPA. The second stage includes the information that is handled between the SPA and the home router. The third concerns the voice software recognition used by the device owner company to recognise the user´s utterance, process it and answer the user request. Web applications and mobile applications to access these devices are related to the fourth state of the ecosystem. States five and six point out the native applications and applications developed by third parties, respectively. Other AI (Artificial intelligence) cloud devices that work with SPAs are contained in stage seven of the ecosystem. The last state of the ecosystem (Eight) is associated with the physical devices that can be manipulated through SPA devices such as smart TVs, lights or smart plug, only to mention some of them, which are managed through of its respective cloud companies.
It will be demonstrated through various security penetration tests, there are severe and worrisome threats to the safety and privacy of the owners of those devices.
The digital forensic research will focus on obtaining useful artifacts which can use in a court of law. Through different tests, this document will prove that although there are no standard procedures to develop digital forensic research on SPA devices, it was possible to compile distinct data that may be useful in a court of law. Most of the information was found, it was achieved analysing the data stored on mobile devices; similarly, the data left on web-browsers proved to be meaningful; finally using no-APIs official showed that Amazon-Echo-Dot v3, release valuable information.||en_NZ