Hacking Alexa By Whispering In Her Ear
Written by Harry Fairhead   
Monday, 28 August 2017

Apologies for the over-the-top headline. The technique works with any voice-driven assistant and, yes I know, Alexa doesn't have ears. The idea is simple and it seems fairly effective. It allows you to get voice commands to Alexa that that are inaudible to people in the same room.

The argment goes that voice responsive assistants don't need much in the way of security because if someone in the room says

"Alexa - wipe all the storage devices"

then the chances are you would hear them and put a stop to the evil plan. There are times when this goes wrong, of course. What if someone on the radio says that same thing, but mostly we tend to assume that voice input cannot be covert.

We might have to rethink this assumption due to some interesting experiments at Princeton Department of Electrical Engineering.  Liwei Song and Prateek Mittal have managed to get Alexa to respond to a voice input that no-one else can hear. The trick is to use an ultrasound source which is so high pitched that it is outside of the range of human hearing. Of course you might object that if humans can't hear it then neither can Alexa, but as stated in the intorduction Alexa doesn't have ears. Instead there is a microphone, an amplifier feeding a low pass filter, and an A to D convertor. 

voice2

These are designed to be as linear as possible but there is always some non-linear distortion. It is also a well-known phenomenon that a non-linear system will generate beat frequencies that are the difference between two notes:

"Our attack intuition is to exploit the intermodulation to obtain normal voice frequencies from the processing of ultrasound frequencies. For example, if we play an ultrasound with two frequencies 25kHz and 30kHz, the listening microphone will record the signal with the frequency of 30kHz − 25kHz = 5kHz, while other frequencies are filtered out by the LPF."

Sounds easy, well no it doesn't really, but starting with a recording of the command that you want to send you can shift it up into the utrasound range, above 28KHz, and you can also send a carrier frequency that will beat with it to produce a signal in the audio range when demodulated by the microphone.

voice3

You can see, and hear it in action in the following video:

 

The details of how good it is are also interesting:

"We further examine our ultrasound attack range for two devices: an Android phone and an Amazon Echo, where we try to spoof voice commands “OK Google, turn on airplane mode”, and “Alexa, add milk to my shopping list”, respectively. The following table shows the relationship between the attack range and the speaker’s input power.

voice1

We can see that the attack range is positively correlated to the speaker’s power. The attack range of our approach is less for Amazon Echo compared to the Android phone, since its microphone is plastic covered. "

Could this be a real security problem?

You would need to place an ultrasound transducer close to the voice assistant and hence have access to the room. What about using speakers in phones, PCs and other devices? While it might be possible to generate frequencies that are regarded as ultrasound, you would be lucky to get much power at even 22KHz and 25KHz is a cut off for most devices.  

voice4icon

More Information

Inaudible Voice Commands

Related Articles

Chirp - A New Way To Send Data

Extracting Audio By Watching A Potato Chip Packet

Audio Super Resolution

See Invisible Motion, Hear Silent Sounds Cool? Creepy? 

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

 

Banner


JConference January 2024 Sessions Now Online
23/02/2024

The talks presented at the 4th JChampions Conference which took place between Jan 25 to Jan 30, are now available for free on YouTube. Topics ranged from Code and Tech to Career Advice.



Ibis 8 Adds Streaming
05/03/2024

Ibis 8.0 has been released with stream processing backends. The new release includes Apache Flink as a streaming backend, and RisingWave, a streaming database backend. There's also a new batch backend [ ... ]


More News

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

 

 

 

 

 

 

Last Updated ( Monday, 28 August 2017 )