|Hacking Alexa By Whispering In Her Ear|
|Written by Harry Fairhead|
|Monday, 28 August 2017|
Apologies for the over-the-top headline. The technique works with any voice-driven assistant and, yes I know, Alexa doesn't have ears. The idea is simple and it seems fairly effective. It allows you to get voice commands to Alexa that that are inaudible to people in the same room.
The argment goes that voice responsive assistants don't need much in the way of security because if someone in the room says
"Alexa - wipe all the storage devices"
then the chances are you would hear them and put a stop to the evil plan. There are times when this goes wrong, of course. What if someone on the radio says that same thing, but mostly we tend to assume that voice input cannot be covert.
We might have to rethink this assumption due to some interesting experiments at Princeton Department of Electrical Engineering. Liwei Song and Prateek Mittal have managed to get Alexa to respond to a voice input that no-one else can hear. The trick is to use an ultrasound source which is so high pitched that it is outside of the range of human hearing. Of course you might object that if humans can't hear it then neither can Alexa, but as stated in the intorduction Alexa doesn't have ears. Instead there is a microphone, an amplifier feeding a low pass filter, and an A to D convertor.
These are designed to be as linear as possible but there is always some non-linear distortion. It is also a well-known phenomenon that a non-linear system will generate beat frequencies that are the difference between two notes:
"Our attack intuition is to exploit the intermodulation to obtain normal voice frequencies from the processing of ultrasound frequencies. For example, if we play an ultrasound with two frequencies 25kHz and 30kHz, the listening microphone will record the signal with the frequency of 30kHz − 25kHz = 5kHz, while other frequencies are filtered out by the LPF."
Sounds easy, well no it doesn't really, but starting with a recording of the command that you want to send you can shift it up into the utrasound range, above 28KHz, and you can also send a carrier frequency that will beat with it to produce a signal in the audio range when demodulated by the microphone.
You can see, and hear it in action in the following video:
The details of how good it is are also interesting:
"We further examine our ultrasound attack range for two devices: an Android phone and an Amazon Echo, where we try to spoof voice commands “OK Google, turn on airplane mode”, and “Alexa, add milk to my shopping list”, respectively. The following table shows the relationship between the attack range and the speaker’s input power.
We can see that the attack range is positively correlated to the speaker’s power. The attack range of our approach is less for Amazon Echo compared to the Android phone, since its microphone is plastic covered. "
Could this be a real security problem?
You would need to place an ultrasound transducer close to the voice assistant and hence have access to the room. What about using speakers in phones, PCs and other devices? While it might be possible to generate frequencies that are regarded as ultrasound, you would be lucky to get much power at even 22KHz and 25KHz is a cut off for most devices.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Monday, 28 August 2017 )|