Authorized Security Lab for Alexa Voice Service
DEKRA is an Authorized Security Lab for Alexa and offers three device evaluation programs for Original Equipment Manufacturers (OEMs), Original Design Manufacturers (ODMs), and System Integrators (SI).
- Baseline Evaluation: An evaluation is performed of more than 20 test cases to ensure that security best practices are implemented focused on device itself.
- Advanced Evaluation: In addition to baseline evaluation, it includes 10 additional test cases evaluating privacy issues, and more advanced analysis of hardware and firmware. In addition to this, an evaluation of the mobile application is included (if it exists).
- Full Evaluation: In addition to everything included in the Advanced Evaluation, Full Evaluation includes a dynamic analysis of the Firmware as well as an evaluation of the cloud services.
These test plans show the risks associated with an attack. To identify risks, vulnerabilities and security flaws based on the probability of exploitation in the products. It requires a comprehensive understanding of the full ecosystem– how everything works together. During the security evaluation, we may test the hardware, firmware, communications, mobile application, and web and cloud services.
In the following table, you can find a summary of the services as well as the evaluation times:
|AVS Security Best Practies Assessment||X||X||X|
|Analaysis of Privacy Issues|| ||X||X|
|Mobile App Assessment|| ||X||X|
|Cloud Services Assessment|| || ||X|
|Delivery Time||7-10 days||10-18 days||15-30 days|
|Price||Contact Us||Contact Us||Contacts Us|
Security Requirements for Bluetooth or BLE Requirements for AMA
The Alexa Developer Services Agreement requires that developers implement all reasonable security measures when developing AVS-enabled devices. Your device must meet the following minimum requirements for AMA integration.
The devices’ Bluetooth set must meet the following requirements to support AMA:
- Bluetooth v4.2 dual mode + LE compliance (with DLE support)
- Standard pairing, authentication, link key, and encryption operation
- BT Protocols support for SPP/A2DP/HFP /SDP/RFCOMM/SCO
- Accessories that implement mSBC must be MFi Certified
The Alexa Developer Services Agreement requires that developers implement all reasonable security measures when developing AVS-enabled devices. The devices shall meet the minimum requirements for AMA integration, you can check the requirements here.
Remark: DEKRA could test all of the features and for some of them, DEKRA could also check if the feature is properly claimed at the Bluetooth Qualification (checking the ICS, aka Implementation Conformance Statement)