Nonsense Attacks on Google Assistant
Mary K. Bispham, Ioannis Agrafiotis, Michael Goldsmith
TL;DR
This paper demonstrates that voice-controlled digital assistants can be covertly manipulated using nonsensical sound sequences that trigger commands without human understanding, posing security risks.
Contribution
It introduces a novel attack method using nonsensical sounds to covertly issue commands to voice assistants, highlighting a new security vulnerability.
Findings
Nonsensical sound sequences can trigger commands in voice assistants.
Humans cannot understand or detect these hidden commands.
The attack demonstrates a significant security risk for speech-controlled devices.
Abstract
This paper presents a novel attack on voice-controlled digital assistants using nonsensical word sequences. We present the results of experimental work which demonstrates that it is possible for malicious actors to gain covert access to a voice-controlled system by hiding commands in apparently nonsensical sounds of which the meaning is opaque to humans. Several instances of nonsensical word sequences were identified which triggered a target command in a voice-controlled digital assistant, but which were incomprehensible to humans, as shown in tests with human experimental subjects. Our work confirms the potential for hiding malicious voice commands to voice-controlled digital assistants or other speech-controlled devices in speech sounds which are perceived by humans as nonsensical.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsUser Authentication and Security Systems · Social Robot Interaction and HRI · Adversarial Robustness in Machine Learning