Smart Home Personal Assistants (SPA) are an emerging innovation that is changing the means by which home users interact with technology. However, several elements expose these systems to various risks: (i) the open nature of the voice channel they use, (ii) the complexity of their architecture, (iii) the AI features they rely on, and (iv) their use of a wide range of underlying technologies. This article presents an in-depth review of SPA’s security and privacy issues, categorizing the most important attack vectors and their countermeasures. Based on this, we discuss open research challenges that can help steer the community to tackle and address current security and privacy issues in SPA. One of our key findings is that even though the attack surface of SPA is conspicuously broad and there has been a significant amount of recent research efforts in this area, research has so far focused on a small part of the attack surface, particularly on issues related to the interaction between the user and the SPA devices. To the best of our knowledge, this is the first article to conduct such a comprehensive review and characterization of the security and privacy issues and countermeasures of SPA.

中文翻译：

---

智能家居个人助理

智能家居个人助理 (SPA) 是一项新兴创新，正在改变家庭用户与技术互动的方式。然而，有几个因素使这些系统面临各种风险：(i) 他们使用的语音通道的开放性，(ii) 其架构的复杂性，(iii) 他们依赖的 AI 功能，以及 (iv) 他们使用广泛的底层技术。本文深入回顾了 SPA 的安全和隐私问题，对最重要的攻击媒介及其对策进行了分类。基于此，我们讨论了开放的研究挑战，这些挑战可以帮助引导社区解决和解决 SPA 中当前的安全和隐私问题。我们的主要发现之一是，尽管 SPA 的攻击面非常广泛，并且最近在该领域进行了大量研究工作，但迄今为止的研究都集中在攻击面的一小部分，特别是相关问题到用户和SPA设备之间的交互。据我们所知，这是第一篇对 SPA 的安全和隐私问题及对策进行如此全面的回顾和描述的文章。