Evaluating Synthetic Command Attacks on Smart Voice Assistants
Saved in:
Main authors: | , , |
---|---|
Format: | Article |
Language: | English |
Subjects: | |
Online access: | Order full text |
Abstract: | Recent advances in voice synthesis, coupled with the ease with which speech
can be harvested for millions of people, introduce new threats to applications
enabled by devices such as voice assistants (e.g., Amazon Alexa, Google Home).
We explore whether a limited amount of unrelated speech from a target can be
used to synthesize commands for a voice assistant like Amazon Alexa. More
specifically, we investigate attacks with synthetic commands on voice
assistants that match command sources to authorized users, where applications
(e.g., Alexa Skills) process commands only when their source is an authorized
user recognized with a chosen confidence level. We demonstrate that even simple
concatenative speech synthesis can be used by an attacker to command voice
assistants to perform sensitive operations. We also show that such attacks,
when launched by exploiting compromised devices in the vicinity of voice
assistants, can have a relatively small host and network footprint. Our results
demonstrate the need for better defenses against synthetic malicious commands
that could target voice assistants. |
DOI: | 10.48550/arxiv.2411.08316 |
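
The attack primitive named in the abstract, concatenative speech synthesis, amounts to splicing short clips of the target's harvested speech into a new command. Below is a minimal sketch of that idea, not the paper's implementation: the file names and the command phrase are hypothetical, and it assumes all clips share the same sample rate, sample width, and channel count. A real attack would additionally smooth loudness and prosody at the clip boundaries.

```python
import wave

# Hypothetical per-word clips harvested from the target's speech;
# the names and the command phrase are illustrative, not from the paper.
WORD_CLIPS = ["alexa.wav", "unlock.wav", "the.wav", "front.wav", "door.wav"]

def concatenate_words(word_files, out_path):
    """Splice per-word WAV clips into one synthetic command.

    Assumes every clip was recorded with identical audio parameters;
    the first clip's parameters are reused for the output file.
    """
    params, frames = None, []
    for path in word_files:
        with wave.open(path, "rb") as clip:
            if params is None:
                params = clip.getparams()
            # Read the clip's raw PCM frames and queue them for output.
            frames.append(clip.readframes(clip.getnframes()))
    with wave.open(out_path, "wb") as out:
        out.setparams(params)  # frame count is fixed up on close
        for chunk in frames:
            out.writeframes(chunk)

if __name__ == "__main__":
    concatenate_words(WORD_CLIPS, "synthetic_command.wav")
```

Even this naive splicing preserves the target's vocal characteristics within each clip, which is why, as the paper argues, speaker verification with a chosen confidence threshold is not by itself a sufficient defense.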