Since the 1970s, pop and rock bands have been accused of hiding subliminal messages in their music. It turns out backmasking is real after all: embedding hidden messages in audio without the listener’s awareness is a new security threat facing smartphone users, thanks to increasingly capable voice recognition features such as Google Now and Apple’s Siri.
Researchers from the University of California, Berkeley and Georgetown University will present a paper titled “Hidden Voice Commands” at the USENIX Security Symposium in Austin, Texas, in August. It details how voice interface devices can be attacked with hidden voice commands that are unintelligible to human listeners but can be interpreted by devices.
Depending on the device, attacks can leak information (such as posting the user’s location on Twitter), cause denial of service (activating airplane mode) or serve as a stepping stone to further attacks (opening a webpage hosting drive-by malware), the paper said. Such commands can be embedded in a trending YouTube video, or in music broadcast from a loudspeaker at an event or over the public address systems of offices, elevators and malls.
“A possible scenario could be a million people watch a kitten video and 10,000 of them have their phones nearby and 5,000 of those phones obey the attacker’s voice commands and load a URL with malware on it,” said Micah Sherr, a professor at Georgetown University and one of the paper’s authors.
The paper said hidden voice commands can be constructed even with very little knowledge about the target speech recognition system. Attackers with significant knowledge of how such systems work can go further, constructing hidden voice commands that humans cannot understand at all.
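The intuition behind such attacks is that speech recognizers key on spectral magnitude features (such as MFCCs) rather than the raw waveform, so audio can be heavily mangled for human ears while those features survive. The toy sketch below, which is not the authors’ actual method but a simplified illustration of the principle using only NumPy, randomizes the phase of each audio frame: the waveform changes drastically (it would sound garbled) while the per-frame magnitude spectrum a recognizer might consume is preserved.

```python
import numpy as np

rng = np.random.default_rng(0)
sr = 8000                      # sample rate (Hz); toy stand-in for recorded speech
t = np.arange(sr) / sr
# Synthetic "voice command": two tones standing in for speech content
signal = np.sin(2 * np.pi * 300 * t) + 0.5 * np.sin(2 * np.pi * 1200 * t)

frame = 256
n_frames = len(signal) // frame
frames = signal[: n_frames * frame].reshape(n_frames, frame)

# Magnitude spectrum per frame: roughly the information recognizers rely on
magnitude = np.abs(np.fft.rfft(frames, axis=1))

# Randomize the phase (keeping DC and Nyquist bins real, as rfft requires),
# then resynthesize: same magnitudes, very different waveform
random_phase = rng.uniform(0, 2 * np.pi, magnitude.shape)
random_phase[:, 0] = 0.0
random_phase[:, -1] = 0.0
mangled = np.fft.irfft(magnitude * np.exp(1j * random_phase),
                       n=frame, axis=1).ravel()

# The mangled audio barely correlates with the original waveform...
corr = np.corrcoef(signal[: n_frames * frame], mangled)[0, 1]
# ...yet its frame-wise magnitude spectrum is unchanged
roundtrip_mag = np.abs(np.fft.rfft(mangled.reshape(n_frames, frame), axis=1))
```

A real attack must also survive playback through a loudspeaker and a phone microphone, and target a specific recognizer, so the paper’s construction is considerably more involved; this sketch only shows why "unintelligible to humans, intelligible to machines" is possible at all.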
The researchers have also posted audio samples of the hidden voice commands they used.
The paper proposes several defenses but notes that they come with performance trade-offs. Technology companies, trying to cater to the public, may be unwilling to trade usability, and the sales that come with it, for security, Sherr said.