SecurityWeek

Vulnerabilities

Just Watching a YouTube Video Can Compromise Your Smartphone

Hidden Voice Commands Can Compromise Mobile Devices

Among the many ways of compromising a mobile device, researchers recently analyzed a new method that humans can’t detect: hidden voice commands.

The research was driven by the emergence of voice interfaces for computers and was conducted on Android and iOS devices with the “Google Now” feature activated. With modern smartphones and wearable devices adopting an “always-on” model in which they continuously listen for possible voice input, researchers wanted to learn whether hidden commands that are unintelligible to human listeners could be issued.

In a paper (PDF) describing the experiment, researchers from Berkeley and Georgetown University revealed that hidden commands that are effective against existing systems can be issued, and that humans are unlikely to understand them and might not even notice them. The mobile devices, on the other hand, will react to these commands.

The researchers also discovered that such attacks can be performed only if the target device is within a given range, because the voice recognition systems were designed to filter background noise. While the device owner might recognize unwanted commands, researchers say that it is possible to broadcast hidden commands from a loudspeaker at an event or to embed them in a trending YouTube video.

Researchers also say that the severity of a hidden voice command depends upon what commands the targeted device will accept. Attackers could compromise devices to leak information (e.g., posting the user’s location on Twitter), to cause denial of service (e.g., activating airplane mode), or to prepare the device for further attacks (e.g., opening a web page hosting drive-by malware).

What’s more, these hidden voice commands can be constructed with very little knowledge about the speech recognition system (black-box attacks), but attackers who possess such knowledge could construct hidden voice commands that humans cannot understand at all (white-box attacks), researchers say.

The paper reveals that attacks are successful if carried out at less than 3.5 meters from the target and that phones successfully recognized 60% of the obfuscated commands used in black-box attacks. Additionally, the researchers proved that, while humans can’t understand the obfuscated commands used in white-box attacks, the attack was successful in 82% of instances.

“While voice interfaces allow for increased accessibility and potentially easier human-computer interaction, they are at the same time susceptible to attacks: Voice is a broadcast channel open to any attacker that is able to create sound within the vicinity of a device. This introduces an opportunity for attackers to try to issue unauthorized voice commands to these devices,” researchers say.

In addition to describing their attack in the aforementioned paper, the researchers present a series of defenses that could be used to prevent such attacks, including alerting the user that a voice command was received. They also propose that devices seek confirmation for the issued command, and say that defenses that detect and prevent such attacks are possible as well.
