This paper reports the findings of a study where users ($N=220$) interacted with Malexa, Alexa’s malicious twin. Malexa is an intelligent voice assistant with a simple and seemingly harmless third-party skill that delivers news briefings to users. The twist, however, is that Malexa covertly rewords these briefings to intentionally introduce misperception about the reported events. This covert rewording is referred to as a Malware-Induced Misperception (MIM) attack. It differs from squatting or invocation hijacking attacks in that it is focused on manipulating the “content” delivered through a third-party skill instead of the skill’s “invocation logic.” Malexa, in the study, reworded regulatory briefings to make a government response sound more accidental or lenient than the original news delivered by Alexa. The results show that users who interacted with Malexa perceived that the government was less friendly to working people and more in favor of big businesses. The results also show that Malexa is capable of inducing misperceptions regardless of the user’s political ideology, gender identity, age or frequency of interaction with intelligent voice assistants. We propose a system-level solution for countering Malexa and discuss the implications of using Malexa as a covert “influencer” in people’s living environments.

本文报告了一项研究的结果，其中用户（$ñ=220$）与Alexa的恶意双胞胎Malexa进行了互动。Malexa是一款智能语音助手，具有简单且看似无害的第三方技能，可向用户提供新闻简报。然而，转折点是Malexa暗中改写了这些简报，以故意引入对所报道事件的误解。这种秘密重新措辞被称为恶意软件引起的误解（MIM）攻击。它与蹲下或调用劫持攻击不同，它着重于操纵通过第三方技能传递的“内容”，而不是该技能的“调用逻辑”。研究中，Malexa改写了监管简报，使政府的回应听起来比Alexa最初发布的消息更加偶然或宽大。结果表明，与Malexa进行交互的用户认为政府对劳动者的友好程度较低，而更倾向于大企业。结果还表明，无论用户的政治意识形态，性别认同，与智能语音助手互动的年龄或频率。我们提出了针对Malexa的系统级解决方案，并讨论了将Malexa用作人们生活环境中的隐性“影响者”的含义。