On iPhone SE
On Amazon Echo
In the supermarket
Speech recognition (SR) systems such as Siri or Google Now have become an increasingly popular human-computer interaction method, and have turned various systems into voice controllable systems (VCS). Prior work on attacking VCS shows that the hidden voice commands that are incomprehensible to people can control the systems. Hidden voice commands, though ‘hidden’, are nonetheless audible. In this work, we design a completely inaudible attack, DolphinAttack, that modulates voice commands on ultrasonic carriers (e.g., f > 20 kHz) to achieve inaudibility. By leveraging the nonlinearity of the microphone circuits, the modulated low frequency audio commands can be successfully demodulated, recovered, and more importantly interpreted by the speech recognition systems. We validate DolphinAttack on popular speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei, HiVoice, Cortana and Alexa. By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile. We propose hardware and software defense solutions. We validate that it is feasible to detect DolphinAttack by classifying the audios using supported vector machine (SVM), and suggest to re-design voice controllable systems to be resilient to inaudible voice command attacks.
Table: Experiment devices, systems, and results
Ultrasonic Voice Commands Can Hijack Siri and Amazon Echos WIRED 'Dolphin' attacks fool Amazon, Google voice assistants BBC Secret Ultrasonic Commands Can Control Your Smartphone, Say Researchers MIT Technology Review 对不起，你的手机被“无声”操控了 Zhejiang University
Wenyuan Xu : email@example.com Xiaoyu Ji : firstname.lastname@example.org
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu . DolphinAttack: Inaudible Voice Commands. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2017.PDF