Malicious Siri Commands Can Be Hidden In Songs

A new study claims that Google Assistant, and other voice command-based AI services like Alexa and Siri, may be vulnerable to subsonic commands.

While the undetected voice commands demonstrated by the researchers are harmless, it is easy to see how attackers could exploit the technique.

By demonstrating the feasibility of subliminal commands hidden in music and other audio recordings, the researchers hope to create awareness around the potential dangers this entails, and encourage the industry to better secure speech recognition.

This has only been done in lab conditions. Speaking about the findings, which follow on from a study the team conducted in 2016, Nicholas Carlini, one of the paper's authors, said: "My assumption is that the malicious people already employ people to do what I do".

The microphones and software that run assistants such as Alexa and Google Now can pick up frequencies above 20 kHz, which is the limit of the audible range for human ears.

While the commands may go unheard by humans, the low-frequency audio commands can be picked up, recovered and then interpreted by speech recognition systems.
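As an added example (not from the study or from any vendor's code), the sketch below shows one defensive check a capture pipeline could run: measure how much of a microphone frame's energy sits above the 20 kHz hearing limit and flag frames where that share is high. The 96 kHz capture rate, the 5% threshold, the function names and the test tones are all assumptions made for illustration.

```python
import cmath
import math

RATE = 96_000        # assumed raw capture rate; must exceed 40 kHz to see >20 kHz
FRAME = 1024         # power of two for the radix-2 FFT below
CUTOFF_HZ = 20_000   # upper limit of human hearing quoted in the article
THRESHOLD = 0.05     # assumed alert level: >5% of energy above the cutoff

def fft(x):
    """Recursive radix-2 FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2]), fft(x[1::2])
    half = n // 2
    tw = [cmath.exp(-2j * math.pi * k / n) * odd[k] for k in range(half)]
    return [even[k] + tw[k] for k in range(half)] + \
           [even[k] - tw[k] for k in range(half)]

def ultrasonic_ratio(frame, rate=RATE, cutoff=CUTOFF_HZ):
    """Fraction of non-DC spectral energy at or above `cutoff` in one frame."""
    n = len(frame)
    # Hann window limits leakage from strong audible tones into high bins.
    windowed = [s * (0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)))
                for i, s in enumerate(frame)]
    spectrum = fft(windowed)
    power = [abs(c) ** 2 for c in spectrum[1:n // 2 + 1]]   # bins 1..Nyquist
    total = sum(power)
    if total == 0:
        return 0.0   # silent frame: nothing to flag
    first_bin = math.ceil(cutoff * n / rate)                # first bin >= cutoff
    return sum(power[first_bin - 1:]) / total

def is_suspicious(frame):
    """True when the ultrasonic share of the frame exceeds the alert level."""
    return ultrasonic_ratio(frame) > THRESHOLD

def tone(freq, amp):
    # Constructed test signal, not a recording.
    return [amp * math.sin(2 * math.pi * freq * i / RATE) for i in range(FRAME)]

# Constructed samples: speech-band tones only, then the same with a 25 kHz tone.
speech_like = [a + b for a, b in zip(tone(300, 1.0), tone(1200, 0.5))]
with_ultrasound = [a + b for a, b in zip(speech_like, tone(25_000, 0.8))]

if __name__ == "__main__":
    for name, sig in [("speech_like", speech_like),
                      ("with_ultrasound", with_ultrasound)]:
        print(name, round(ultrasonic_ratio(sig), 4), is_suspicious(sig))
```

The check only works on audio captured at a rate high enough to represent the ultrasonic band; a frame that has already been downsampled for speech recognition carries no information above its Nyquist frequency.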

Apple has additional features to prevent the HomePod speaker from unlocking doors.

Digital assistant security problems are not new. One method called DolphinAttack even muted the target phone before issuing inaudible commands, so the owner wouldn't hear the device's responses.

That warning was borne out in April, when researchers at the University of Illinois at Urbana-Champaign demonstrated ultrasound attacks from 7½ metres away. While DolphinAttacks require the transmitter to be placed in close proximity to the smart device receiving the hidden message, last month researchers were able to send these subliminal messages via ultrasound from 25 feet away. While the commands couldn't penetrate walls, they could control smart devices through open windows from outside a building.

In the paper, Carlini and Wagner claim that they were able to fool Mozilla's open-source DeepSpeech voice-to-text engine by hiding a secret, inaudible command within audio of a completely different phrase. The group provided samples of songs where voice commands have been embedded to make digital assistants do specific things, including visiting websites, turning on the Global Positioning System, and making phone calls.

The Berkeley group also embedded the command in music files, including a four-second clip from Verdi's Requiem.

Tavish Vaidya, a researcher at Georgetown, said: "Companies have to ensure user-friendliness of their devices, because that's their major selling point".

Mr Carlini said he was confident that in time he and his colleagues could mount successful adversarial attacks against any smart device system on the market.
