{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T20:07:27Z","timestamp":1776888447332,"version":"3.51.2"},"reference-count":33,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2021,3,26]],"date-time":"2021-03-26T00:00:00Z","timestamp":1616716800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Since the purchase of Siri by Apple, and its release with the iPhone 4S in 2011, virtual assistants (VAs) have grown in number and popularity. The sophisticated natural language processing and speech recognition employed by VAs enables users to interact with them conversationally, almost as they would with another human. To service user voice requests, VAs transmit large amounts of data to their vendors; these data are processed and stored in the Cloud. The potential data security and privacy issues involved in this process provided the motivation to examine the current state of the art in VA research. In this study, we identify peer-reviewed literature that focuses on security and privacy concerns surrounding these assistants, including current trends in addressing how voice assistants are vulnerable to malicious attacks and worries that the VA is recording without the user\u2019s knowledge or consent. The findings show that not only are these worries manifold, but there is a gap in the current state of the art, and no current literature reviews on the topic exist. This review sheds light on future research directions, such as providing solutions to perform voice authentication without an external device, and the compliance of VAs with privacy regulations.<\/jats:p>","DOI":"10.3390\/s21072312","type":"journal-article","created":{"date-parts":[[2021,3,26]],"date-time":"2021-03-26T06:59:42Z","timestamp":1616741982000},"page":"2312","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":92,"title":["On the Security and Privacy Challenges of Virtual Assistants"],"prefix":"10.3390","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1599-8400","authenticated-orcid":false,"given":"Tom","family":"Bolton","sequence":"first","affiliation":[{"name":"School of Science, Environment and Engineering, The University of Salford, Salford M5 4WT, UK"}]},{"given":"Tooska","family":"Dargahi","sequence":"additional","affiliation":[{"name":"School of Science, Environment and Engineering, The University of Salford, Salford M5 4WT, UK"}]},{"given":"Sana","family":"Belguith","sequence":"additional","affiliation":[{"name":"School of Science, Environment and Engineering, The University of Salford, Salford M5 4WT, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5343-8370","authenticated-orcid":false,"given":"Mabrook S.","family":"Al-Rakhami","sequence":"additional","affiliation":[{"name":"Research Chair of Pervasive and Mobile Computing, Information Systems Department, College of Computer and Information Sciences, King Saud University, Riyadh 11543, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5502-530X","authenticated-orcid":false,"given":"Ali Hassan","family":"Sodhro","sequence":"additional","affiliation":[{"name":"Department of Computer and System Science, Mid Sweden University, SE-831 25 \u00d6stersund, Sweden"},{"name":"Shenzhen Institutes of Advanced Technology, Chinese Academy of Sciences, Shenzhen 518000, China"},{"name":"Department of Electrical Engineering, Sukkur IBA University, Sukkur 65200, Pakistan"}]}],"member":"1968","published-online":{"date-parts":[[2021,3,26]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1080\/02763869.2018.1404391","article-title":"Alexa, Siri, Cortana, and More: An Introduction to Voice Assistants","volume":"37","author":"Hoy","year":"2018","journal-title":"Med Ref. Serv. Q."},{"key":"ref_2","unstructured":"(2021, February 22). Report: Smart Speaker Adoption in US Reaches 66M Units, with Amazon Leading. Available online: https:\/\/techcrunch.com\/2019\/02\/05\/report-smart-speaker-adoption-in-u-s-reaches-66m-units-with-amazon-leading\/."},{"key":"ref_3","unstructured":"Wolfson, S. (2018, May 24). Amazon\u2019s Alexa Recorded Private Conversation and Sent It to Random Contact. Available online: https:\/\/www.theguardian.com\/technology\/2018\/may\/24\/amazon-alexa-recorded-conversation."},{"key":"ref_4","unstructured":"Cook, J. (2020, March 25). Amazon employees listen in to thousands of customer Alexa recordings. Available online: https:\/\/www.telegraph.co.uk\/technology\/2019\/04\/11\/amazon-employees-listen-thousands-customer-alexa-recordings\/."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"S15","DOI":"10.1016\/j.diin.2017.06.010","article-title":"Digital forensic approaches for Amazon Alexa ecosystem","volume":"22","author":"Chung","year":"2017","journal-title":"Digit. Investig."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MC.2017.201","article-title":"DDoS in the IoT: Mirai and Other Botnets","volume":"50","author":"Kolias","year":"2017","journal-title":"Computer"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"L\u00f3pez, G., Quesada, L., and Guerrero, L.A. (2017, January 17\u201321). Alexa vs. Siri vs. Cortana vs. Google Assistant: A Comparison of Speech-Based Natural User Interfaces. Proceedings of the International Conference on Applied Human Factors and Ergonomics, Los Angeles, CA, USA.","DOI":"10.1007\/978-3-319-60366-7_23"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Siebra, C., Correia, W., Penha, M., Macedo, J., Quintino, J., Anjos, M., Florentin, F., da Silva, F.Q.B., and Santos, A.L.M. (2018, January 4\u20137). Virtual assistants for mobile interaction: A review from the accessibility perspective. Proceedings of the 30th Australian Conference on Computer-Human Interaction, Melbourne, Australia.","DOI":"10.1145\/3292147.3292232"},{"key":"ref_9","unstructured":"(2021, February 22). Amazon Alexa Integrated with IoT Ecosystem Service. Available online: https:\/\/www.faststreamtech.com\/blog\/amazon-alexa-integrated-with-iot-ecosystem-service\/."},{"key":"ref_10","unstructured":"Mun, H., Lee, H., Kim, S., and Lee, Y. (April, January 30). A smart speaker performance measurement tool. Proceedings of the 35th Annual ACM Symposium on Applied Computing, SAC \u201920, Brno, Czech Republic."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Burbach, L., Halbach, P., Plettenberg, N., Nakayama, J., Ziefle, M., and Valdez, A.C. (2019, January 23\u201326). \u201cHey, Siri\u201d, \u201cOk, Google\u201d, \u201cAlexa\u201d. Proceedings of the Acceptance-Relevant Factors of Virtual Voice-Assistants, Aachen, Germany.","DOI":"10.1109\/ProComm.2019.00025"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1007\/s00779-018-1174-x","article-title":"Alexa, are you listening to me? An analysis of Alexa voice service network traffic","volume":"23","author":"Ford","year":"2019","journal-title":"Pers. Ubiquitous Comput."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"113193","DOI":"10.1016\/j.eswa.2020.113193","article-title":"Intelligent personal assistants: A systematic literature review","volume":"147","author":"Silva","year":"2020","journal-title":"Expert Syst. Appl."},{"key":"ref_14","unstructured":"Rzepka, C. (2021, February 24). Examining the Use of Voice Assistants: A Value-Focused Thinking Approach; Association for Information Systems. Available online: https:\/\/aisel.aisnet.org\/amcis2019\/human_computer_interact\/human_computer_interact\/20\/."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Zhang, N., Mi, X., Feng, X., Wang, X., Tian, Y., and Qian, F. (2019, January 19\u201323). Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems. Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP.2019.00016"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1109\/MSEC.2019.2910013","article-title":"Emerging Threats in Internet of Things Voice Services","volume":"17","author":"Kumar","year":"2019","journal-title":"IEEE Secur. Priv."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Cheng, P., Bagci, I.E., Yan, J., and Roedig, U. (2019, January 19\u201323). Smart Speaker privacy control\u2014Acoustic tagging for Personal Voice Assistants. Proceedings of the 2019 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA.","DOI":"10.1109\/SPW.2019.00035"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Lau, J., Zimmerman, B., and Schaub, F. (,  2018). Alexa, Are You Listening? Privacy Perceptions, Concerns and Privacy-seeking Behav-iors with Smart Speakers. Proceedings of the ACM on Human-Computer Interaction, Available online: https:\/\/www.key4biz.it\/wp-content\/uploads\/2018\/11\/cscw102-lau-1.pdf.","DOI":"10.1145\/3274371"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Turner, H., Lovisotto, G., and Martinovic, I. (2019, January 23\u201327). Attacking Speaker Recognition Systems with Phoneme Morphing. Proceedings of the ESORICS 2019: Computer Security, Luxembourg.","DOI":"10.1007\/978-3-030-29959-0_23"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Mitev, R., Miettinen, M., and Sadeghi, A.R. (2019, January 9\u201312). Alexa Lied to Me: Skill-based Man-in-the-Middle Attacks on Virtual Assistants. Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, Asia CCS \u201919, Auckland, New Zeland.","DOI":"10.1145\/3321705.3329842"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Castell-Uroz, I., Marrugat-Plaza, X., Sol\u00e9-Pareta, J., and Barlet-Ros, P. (2019, January 9\u201312). A first look into Alexa\u2019s interaction security. Proceedings of the CoNEXT \u201919 Proceedings, Orlando, FL, USA.","DOI":"10.1145\/3360468.3366769"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Javed, Y., Sethi, S., and Jadoun, A. (2019, January 26\u201329). Alexa\u2019s Voice Recording Behavior: A Survey of User Understanding and Awareness. Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES \u201919, Canterbury, UK.","DOI":"10.1145\/3339252.3340330"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Furey, E., and Blue, J. (2019, January 18\u201320). Can I Trust Her? Intelligent Personal Assistants and GDPR. Proceedings of the 2019 International Symposium on Networks, Computers and Communications (ISNCC), Istanbul, Turkey.","DOI":"10.1109\/ISNCC.2019.8909098"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Feng, H., Fawaz, K., and Shin, K.G. (2017, January 16\u201320). Continuous Authentication for Voice Assistants. Proceedings of the 23rd Annual International Conference on Mobile Computing and Networking, MobiCom \u201917, Snowbird, UT, USA.","DOI":"10.1145\/3117811.3117823"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Zhang, G., Yan, C., Ji, X., Zhang, T., Zhang, T., and Xu, W. (November, January 30). DolphinAttack: Inaudible Voice Commands. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications, CCS \u201917, Dallas, TX, USA.","DOI":"10.1145\/3133956.3134052"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Y\u0131ld\u0131r\u0131m, \u0130., Bostanc\u0131, E., and G\u00fczel, M.S. (2019, January 10\u201315). Forensic Analysis with Anti-Forensic Case Studies on Amazon Alexa and Google Assistant Build-In Smart Home Speakers. Proceedings of the 2019 4th International Conference on Computer Science and Engineering (UBMK), Samsun, Turkey.","DOI":"10.1109\/UBMK.2019.8907007"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"105366","DOI":"10.1016\/j.clsr.2019.105366","article-title":"From Alexa to Siri and the GDPR: The gendering of Virtual Personal Assistants and the role of Data Protection Impact Assessments","volume":"36","author":"Adams","year":"2020","journal-title":"Comput. Law Secur. Rev."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Kennedy, S., Li, H., Wang, C., Liu, H., Wang, B., and Sun, W. (2019, January 10\u201312). I Can Hear Your Alexa: Voice Command Fin-gerprinting on Smart Home Speakers. Proceedings of the 2019 IEEE Conference on Communications and Network Security (CNS), Washington, DC, USA.","DOI":"10.1109\/CNS.2019.8802686"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Sangal, S., and Bathla, R. (2019, January 21\u201322). Implementation of Restrictions in Smart Home Devices for Safety of Children. Proceedings of the 2019 4th International Conference on Information Systems and Computer Networks (ISCON), Mathura, India.","DOI":"10.1109\/ISCON47742.2019.9036218"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"McReynolds, E., Hubbard, S., Lau, T., Saraf, A., Cakmak, M., and Roesner, F. (2017, January 6\u201311). Toys that Listen: A Study of Parents, Children, and Internet-Connected Toys. Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, CHI \u201917, Denver, CO, USA.","DOI":"10.1145\/3025453.3025735"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"31957","DOI":"10.1109\/ACCESS.2020.2972975","article-title":"Using Granule to Search Privacy Preserving Voice in Home IoT Systems","volume":"8","author":"Li","year":"2020","journal-title":"IEEE Access"},{"key":"ref_32","unstructured":"Wang, C., Shi, C., Chen, Y., Wang, Y., and Saxena, N. (2020, January 7\u201311). WearID: Wearable-Assisted Low-Effort Authentication to Voice Assistants using Cross-Domain Speech Similarity. Proceedings of the Annual Computer Security Applications Conference, ACSAC \u201920, Austin, TX, USA."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Chalhoub, G., and Flechais, I. (2020, January 19\u201324). \u201cAlexa, Are You Spying on Me?\u201d: Exploring the Effect of User Experience on the Security and Privacy of Smart Speaker Users. Proceedings of the 2020 International Conference on Human-Computer Interaction, Copenhagen, Denmark.","DOI":"10.1007\/978-3-030-50309-3_21"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/7\/2312\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T05:41:18Z","timestamp":1760161278000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/7\/2312"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,3,26]]},"references-count":33,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2021,4]]}},"alternative-id":["s21072312"],"URL":"https:\/\/doi.org\/10.3390\/s21072312","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,3,26]]}}}