On iPhone SE

On Amazon Echo

In the supermarket

Introduction

Speech recognition (SR) systems such as Siri or Google Now have become an increasingly popular human-computer interaction method, and have turned various systems into voice controllable systems (VCS). Prior work on attacking VCS shows that the hidden voice commands that are incomprehensible to people can control the systems. Hidden voice commands, though ‘hidden’, are nonetheless audible. In this work, we design a completely inaudible attack, DolphinAttack, that modulates voice commands on ultrasonic carriers (e.g., f > 20 kHz) to achieve inaudibility. By leveraging the nonlinearity of the microphone circuits, the modulated low frequency audio commands can be successfully demodulated, recovered, and more importantly interpreted by the speech recognition systems. We validate DolphinAttack on popular speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei, HiVoice, Cortana and Alexa. By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile. We propose hardware and software defense solutions. We validate that it is feasible to detect DolphinAttack by classifying the audios using supported vector machine (SVM), and suggest to re-design voice controllable systems to be resilient to inaudible voice command attacks.

Table: Experiment devices, systems, and results

How it works

In the news

Ultrasonic Voice Commands Can Hijack Siri and Amazon Echos    WIRED
'Dolphin' attacks fool Amazon, Google voice assistants    BBC
Secret Ultrasonic Commands Can Control Your Smartphone, Say Researchers    MIT Technology Review
对不起，你的手机被“无声”操控了    Zhejiang University

Contact us

Wenyuan Xu : wyxu@zju.edu.cn
Xiaoyu Ji : xji@zju.edu.cn