Voice assistants like Alexa and Siri vulnerable to DolphinAttack 'silent' hacks

Voice assistants can respond to orders inaudible to the human ear, claim researchers at Zhejiang University

Researchers at a university in China claim to have devised a means of sending commands to voice recognition systems, such as Amazon Alexa and Apple's Siri, using commands inaudible to the human ear.

The Zhejiang University researchers call the attack method "DolphinAttack", after the way in which dolphins communicate. The attack works against all popular speech recognition systems including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa.

The attack simply involves translating vocal commands into ultrasonic frequencies. While they are inaudible to the human ear, they can be picked up by the microphones on Amazon Echos, Google Assistants, and Samsung Galaxy and Apple iPhone smartphones.

The attack, claim the researchers, could order a MacBook to open a website bearing malicious code without the user being aware. Voice-powered in-car satellite navigation systems, they add, could be ordered to change their destination.

By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone

"This paper aims at examining the feasibility of the attacks that are difficult to detect, and the paper is driven by the following key questions:

• Can voice commands be inaudible to human while still being audible to devices and intelligible to speech recognition systems?
• Can injecting a sequence of inaudible voice commands lead to unnoticed security breaches to the voice controllable systems?

To answer these questions, we designed DolphinAttack," the researchers write in their paper.

It continues: "By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile. We propose hardware and software defense solutions."

"We validate that it is feasible to detect DolphinAttack by classifying the audios using supported vector machine (SVM), and suggest to re-design voice controllable systems to be resilient to inaudible voice command attacks."