F-Secure named Authorized Security Lab for Amazon’s Alexa Voice Services


Thread author
Staff member
Malware Hunter
Jul 27, 2015
F-Secure Consulting – cyber security provider F-Secure’s research-led, multidisciplinary consultancy – has earned the distinction of becoming one of Amazon’s few Authorized Security Labs (ASL) trusted to assess Alexa Built-in devices against Alexa Voice Services’ (AVS) security requirements.

Alexa Built-in devices are a range of products – such as headphones, speakers, streaming devices, and more – from different vendors that are built to work with Amazon’s Alexa virtual assistant. To ensure these devices provide the level of security users expect from Alexa-integrated products, Amazon has authorized select companies across the globe to assess the security of these devices against AVS requirements. Thanks to F-Secure Consulting’s unique expertise in securing integrated products, Amazon has designated it as an official ASL for AVS. As an ASL, F-Secure Consulting will assess the security of Alexa Built-in devices against security requirements drafted by AVS. “Our team’s unique makeup of breakers and builders gives us a comprehensive understanding of how to build security into integrated products,” said F-Secure Consulting’s Head of Hardware Security Andrea Barisani. “We have a record of helping clients take their products from the drawing table to production by helping them secure the hardware, software, firmware, and interaction between these components. We’re thrilled with the opportunity to share our expertise with device vendors and help them secure the Alexa devices they’re bringing to the market.”

Securing the range of Alexa Built-in devices from different companies poses challenges for both Amazon and the device vendors. Vendors need to ensure their devices comply with Alexa Voice Services’ security requirements while facing other logistical pressures of launching new products. Amazon’s challenge is to exercise quality control over the security of an increasing number of Alexa Built-in devices, which requires an in-depth understanding of securing integrated products that’s rare within the cyber security industry.