Program for Testing Amazon Alexa Voice Service

You are here

  • ​Testing Amazon Alexa Voice Service

    The Alexa Voice Service (AVS) enables device makers to integrate Alexa into a variety of products, from smartphones and smart speakers to home appliances and wearables. With the introduction of new voice-forward products, device makers need to consider how to secure their cloud-connected devices. DEKRA is an Authorized Security Lab for Alexa and offers three device evaluation programs for Original Equipment Manufacturers (OEMs), Original Design Manufacturers (ODMs), and System Integrators (SI). The three device evaluation programs are Baseline Evaluation, Advanced Evaluation, and Full Evaluation. Read more about the services here.

    Amazon Alexa Logo

    What is an Alexa Built-in Product?

    Alexa is Amazon’s cloud-based voice service available on more than 100 million devices from Amazon and third-party device manufacturers. With Alexa, you can build natural voice experiences that offer customers a more intuitive way to interact with the technology they use every day. Amazon offers a collection of tools, APIs, reference solutions, and documentation to make it easier to build for Alexa.

    Alexa built-in is a category of devices created with the Alexa Voice Service (AVS) which have a microphone and speaker integrated. You can talk to these products directly with the wake word “Alexa,” and receive voice responses and content instantly. Alexa built-in devices offer multiple advantages, increase connectivity, automate processes, but at the same time increase exposure to possible external attacks. Therefore, it is necessary to evaluate security by understanding the ecosystem surrounding the devices. Nowadays, almost all devices are connected to the internet or a local network. If you want to integrate Alexa Voice Service (AVS) safely into your product, DEKRA test and certifies according the required requirements. We are here to help you with the safe integration of AVS into a variety of products. For more information about Alexa Voice Service (AVS), visit their page.

  • Why DEKRA?

    Safety

    Authorized security lab

    DEKRA is an Authorized Security Lab for Alexa. You can work directly with us and utilize our lab for security assessment of your final product. We will issue a report that you can submit to Amazon for validation and certification.

    icon cyber security

    Complete security evaluation

    DEKRA offers a security evaluation (baseline), adapted to be evaluated according to amazon security best practice. In Addition to the baseline evaluation, DEKRA offers two other evaluation levels to ensure the security in the device as well as its ecosystem.

    Globally recognized

    Global account management

    At DEKRA we support our customers on a global scale.

  • Authorized Security Lab for Alexa Voice Service

    DEKRA is an Authorized Security Lab for Alexa and offers three device evaluation programs for Original Equipment Manufacturers (OEMs), Original Design Manufacturers (ODMs), and System Integrators (SI).

    • Baseline Evaluation: An evaluation is performed of more than 20 test cases to ensure that security best practices are implemented focused on device itself.
    • Advanced Evaluation: In addition to baseline evaluation, it includes 10 additional test cases evaluating privacy issues, and more advanced analysis of hardware and firmware. In addition to this, an evaluation of the mobile application is included (if it exists).
    • Full Evaluation: In addition to everything included in the Advanced Evaluation, Full Evaluation includes a dynamic analysis of the Firmware as well as an evaluation of the cloud services.

    These test plans show the risks associated with an attack. To identify risks, vulnerabilities and security flaws based on the probability of exploitation in the products. It requires a comprehensive understanding of the full ecosystem– how everything works together. During the security evaluation, we may test the hardware, firmware, communications, mobile application, and web and cloud services.

    In the following table, you can find a summary of the services as well as the evaluation times:

     BaselineAdvancedFull
    AVS Security Best Practies AssessmentXXX
    Hardware AnalysisBasicAdvancedAdvanced
    Firmware AnalysisBasicBasicAdvanced
    Analaysis of Privacy Issues XX
    Mobile App Assessment XX
    Cloud Services Assessment  X
    Delivery Time7-10 days10-18 days15-30 days
    PriceContact UsContact UsContacts Us

     

    Security Requirements for Bluetooth or BLE Requirements for AMA

    The Alexa Developer Services Agreement requires that developers implement all reasonable security measures when developing AVS-enabled devices. Your device must meet the following minimum requirements for AMA integration.

    The devices’ Bluetooth set must meet the following requirements to support AMA:

    • Bluetooth v4.2 dual mode + LE compliance (with DLE support)
    • Standard pairing, authentication, link key, and encryption operation
    • BT Protocols support for SPP/A2DP/HFP /SDP/RFCOMM/SCO
    • Accessories that implement mSBC must be MFi Certified

    The Alexa Developer Services Agreement requires that developers implement all reasonable security measures when developing AVS-enabled devices. The devices shall meet the minimum requirements for AMA integration, you can check the requirements here.

    Remark: DEKRA could test all of the features and for some of them, DEKRA could also check if the feature is properly claimed at the Bluetooth Qualification (checking the ICS, aka Implementation Conformance Statement)