The Security and Privacy of Smart Home Assistants

The Security and Privacy of Smart Home Assistants


1、Prove that Mycroft has the hidden danger of Voice Squatting Attack

Mycroft uses Google’s natural language processing system, mainly for the nlp system to do the following things


1.1. Find an accent database (nationwide speech project, linguistic data consortium or others), just a few commands, after the natural language processing module, the text text is wrong, for example, the weather is translated into whether, or translate please into please


1.2. Register a new skill based on the error from nlp, register a new skill on google’s nlp system, or register a new skill in the mycroft system. This is not very sure. It must be similar to the existing original skill, such as the original The skill is weather, and the registered skill can be whether. Make sure that the newly registered skill is awakened when reading the original command, not the original skill


1.3. It is similar to the two steps above, but the skill registered this time is similar. The original skill is weather, and the newly registered one is tomorrow weather or weather for me. It is also necessary to ensure that the intent recognized by nlp or transferred out skill is newly registered


1.4 Similar to the two above, the command uses a noise file, and the command inside cannot be recognized after entering nlp




2、Relieve the hidden dangers above(python)

2.1 For 1.1 and 1.2, use a machine learning algorithm to make a corrector, put it behind nlp, and correct the wrong intent of the nlp recognition inside to the correct intent


2.2. For 1.3, make a filter module before the nlp module. It is best to use the fft method. Others can also be used to ensure that the audio after noise removal can be recognized by nlp.


Install Mycroft:

run mycroft:

Skill writing:

Mycroft Speech to Text:










Please submit your final report and source code (depending on the project nature) using the submission link below.

  • Your report MUST BE IN PDF FORMAT. 
  • Make sure the PDF version of your report can be displayed correctly (something wrong could happen during PDF conversion).
  • Check the formatting of all pages and figures prior to submission (just in case something goes awry during the conversion process).
  • Download the submitted report and check if it is displayed correctly and the right version you expect to upload.
  • Your source code must be submitted as a compressed archive (ZIP format).
  • The submission link will close sharply at the deadline. No submission may lead to zero mark for your project.
  • See “Points to note for submissions” in “Deliverables and Submissions” section before submission.



  • The final project report will be marked by your supervisor and independently assessed by a second marker. Their assessments are submitted to the assessment team.


Report Format

  • The project report must be an original exposition that is clear and includes proper references to the technical literature.
  • The report should not exceed 15000 words. This does not count the Cover page, Acknowledgements, Table of contents, Nomenclature, List of figures and tables, References, Appendix or Source Code. Markers may refuse to mark any report exceeding word limit.
  • State the word count on the cover page
  • The format is as follows:
    • Single line spaced text
    • 11/12-point font
    • 5cm margins
  • The text must be clearly and accurately written in proper English.
  • The project report must be prepared in a document typesetting system. It is recommended that the document typesetting system TeX or LaTeX is used.


General Content

Each project report must include a clear description of the following aspects of the project:

  • The technical background of the project, including appropriate references to the technical literature.
  • Specific aims and objectivesof the project.
  • The technical contributionof the project, including a description of the data set(s) explored (if any), methodology, theory and any experimental results.
  • Analysis and evaluation, which verify the technical contribution made.
  • Conclusions, including an overview of what has actually been achieved by the project, an interpretation of the results, and suggestions of how the project could be further extended.
  • For software developed based projects, complete source codelistings must be submitted as an appendix to the report (excluding any well-known, freely obtainable, third-party libraries explicitly mentioned in the report). The source code must be submitted in a compressed file via KEATS together with the report.
  • Help your reader navigate through your source code by providing a “table of contents” (README file containing contents of archive and short descriptions of each file in the archive).
  • The source code archive must contain a file with the following statement certifying the work as your own: “I verify that I am the sole author of the programmes contained in this archive, except where explicitly stated to the contrary”. Your (typed) signature and the date should follow this statement.
  • Any developed software or artefact and instructions on how to use the software/artefact must be submitted.