DOI: 10.1145/3558482.3581772
research-article
Open access

BarrierBypass: Out-of-Sight Clean Voice Command Injection Attacks through Physical Barriers

Published: 28 June 2023

Abstract

The growing adoption of voice-enabled devices (e.g., smart speakers), particularly in smart home environments, has introduced many security vulnerabilities that pose significant threats to users' privacy and safety. When multiple devices are connected to a voice assistant, an attacker can cause serious damage if they can gain control of these devices. We ask where and how an attacker can issue clean voice commands stealthily across a physical barrier, and perform the first academic measurement study of this nature on the command injection attack. We present the BarrierBypass attack, which can be launched against three different barrier-based scenarios termed across-door, across-window, and across-wall. We conduct a broad set of experiments to observe the command injection attack success rates for multiple speaker samples (TTS and live human recorded) at different command audio volumes (65, 75, 85 dB) and smart speaker locations (0.1-4.0 m from the barrier). Against Amazon Echo Dot 2, BarrierBypass is able to achieve 100% wake word and command injection success for the across-wall and across-window attacks, and for the across-door attack (up to 2 meters). At 4 meters for the across-door attack, BarrierBypass can achieve 90% and 80% injection accuracy for the wake word and command, respectively. Against Google Home mini, BarrierBypass is able to achieve 100% wake word injection accuracy for all attack scenarios. For command injection, BarrierBypass can achieve 100% accuracy for all three barrier settings (up to 2 meters). For the across-door attack at 4 meters, BarrierBypass can achieve 80% command injection accuracy. Further, our demonstration using drones yielded high command injection success, up to 100%. Overall, our results demonstrate the potentially devastating nature of this vulnerability to control a user's device from outside of the device's physical space, and its limitations, without the need for complex and error-prone command injection.

Supplementary Material

MP4 File (wisecfp014-walker.mp4)
Presentation video describing BarrierBypass, our clean voice command injection attack that works across physical barriers. In this video we detail the motivation, contributions, threat scenario, methodology and experimentation, results, and summarize our observations. We also describe our drone-based experimentation, demonstrating the attack in a remote setting, and our preliminary signal analysis identifying potential indicators of command audio with higher success rates for injection. Our results indicate the scenarios and parameter settings in which a clean voice command injection attack can be successful, and the limiting factors that an attacker must overcome. We were able to achieve 100% wake word and command injection success in each of our three barrier-based attack scenarios.


    Published In

    WiSec '23: Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
    May 2023
    394 pages
    ISBN: 9781450398596
    DOI: 10.1145/3558482
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. command injection attack
    2. iot
    3. physical barrier
    4. speech recognition

    Qualifiers

    • Research-article

    Conference

    WiSec '23

    Acceptance Rates

    Overall Acceptance Rate 98 of 338 submissions, 29%
