Researchers claim they can hide AI assistant commands in music and spoken text
This latest exploit was discovered by researchers from University of California, Berkeley, who claim in a new paper they can embed secret commands into recordings of music or spoken text.
These commands are heard and acted upon by the AI assistants, but cannot be heard by humans, who instead only hear the music or spoken text. The researchers had previously shown how commands could be hidden in white noise played through YouTube videos, but now they are even more subtle.
"We wanted to see if we could make it even more stealthy," Nicholas Carlini, Ph.D student and one of the research paper's authors told the New York Times.
Carlini said there was no evidence that such techniques had been used outside of the lab, but reasoned it may only be a matter of time before someone acts maliciously. "My assumption is that the malicious people already employ people to do what I do," he added.
This latest research comes after a paper was published in September 2017 revealing how Siri, Alexa and others can be controlled with 'ultrasounds' inaudible to humans, in a technique dubbed the Dolphin Attack.
On the surface, controlling a smart speaker may not seem like a worthwhile hack. You could stealthily add items to the owner's Amazon shopping list by issues covert messages to Alexa, for example. But if the assistant is used by its owner to control smart home devices, it becomes another matter.
AI like Alexa and Google Assistant are used to unlock doors, open garage doors and control many other smart home devices. The implications of unlocking doors is obvious, but pranks could also see Alexa or Google Assistant used to flood a garden with the smart sprinkler system, switch off a home's lights, or turn the heating up while the owner is away.
Despite their apparent smartness, devices like the Amazon Echo and Google Home often struggle with their hearing. GearBrain's own Echo Dot regularly starts listening when it shouldn't, because it thought it heard the 'Alexa' hotword. Both Amazon and Google devices can be activated when they hear instructions on a nearby television, such as during a commercial, as they cannot tell the difference between a person talking to them in the same room, and a voice coming from another speaker.
Although this seems like a fairly niche form of cyber attack for now, the digital assistant market is set to grow enormously in the coming years. By 2021, research firm Ovum predicts there will be more digital assistants than people, at 7.5 billion worldwide, with Google Assistant by far the most popular. By 2022, Juniper Research predicts that half of American households will contain at least one smart speaker; it also predicts that by the same year, US smartphone users will regularly interact with three voice assistant platforms.
Apple, Amazon and Google all say they are taking measures to keep their voice assistants secure; for example, Siri on the HomePod cannot be used to unlock doors, while Alexa can be given a security PIN to prevent it making purchases without the owner's permission.