Voice assistants can be hacked by commanding them with inaudible ultrasonic speech

Originally published at: https://boingboing.net/2017/09/07/flipper-faster-than-lightning.html


The attack owes its efficacy to the devices’ use of ultrasonic for signaling to establish contact with one another, and as a means of resolving ambiguity and nuance in speech recognition.

No, it does not. The paper directly contradicts this. The microphone hardware output is filtered to only audible frequencies (see section 3) and the attack isn’t exploiting the voice recognition software.

The way the attack works is cleverer than that: it amplitude-modulates an ultrasonic carrier wave with the (regular audio frequency) voice signal. (AM radio works the same way, but with a carrier in the megahertz range.) There are inadvertent nonlinearities in the microphone hardware that end up de-modulating the signal, resulting in portions of the voice waveform appearing in the output.

This is a pretty awesome hack, and not due to any kind of stupidity or culpability by the device makers.



But this seems like a trivial thing to patch.

Fearmongering, or a classic example of security research doing its job?


But this seems like a trivial thing to patch

I don’t think so. It’s a vulnerability in the mic hardware, not in software. Read the paper itself, not just the misinformed commentary :slight_smile:


But that might be hard, and I want to have opinions now!

Also, I wonder if just anyone’s voice will do? Do the devices somehow voiceprint their owners, like ducklings?


I have a neighbor’s child the does the “dolphin attack” with ninja like precision.

1 Like

Am I the only one irked by their inability to properly assemble a speaker cable? Speakons aren’t hard to do, I’ve done hundreds, maybe thousands.



Um … the authors of the paper are academics, I wouldn’t expect them to be able to. Reminder: Not all Chinese people assemble cables, just the ones who work in speaker-cable factories.

1 Like

That was my impression. When I turned on the voice-activation feature on my iPhone, it asked me to say “Hello Siri” several times, presumably to fingerprint my voice.

I didn’t read the paper closely enough to find whether the authors started from voice samples that were already keyed to the specific device. If so, that would limit the usefulness of the attack quite a bit.

I, too, was, triggered

1 Like

Other than the aesthetics, what is the problem? They seem to work correctly.

Wow, do you always assume people are racist? You must think pretty low of the people who wrote this paper that they can’t cut cable and use strain relief properly. Heck, it doesn’t even require any sort of “advanced” skill like soldering or crimping. But of course you knew that. You wouldn’t possibly have commented like an ass on something you know nothing about.

The Neutrik Speakon connector has a strain relief chuck (2 sizes packaged) so that the conductors aren’t bearing the load if (when) someone/thing pulls on the cable. It’s a screw terminal termination to the cable end connectors so all that’s required of the person assembling is to cut the wire to length and strip back a few mm. It irks me when someone can’t take the time to do a very simple thing properly. It makes me wonder what else they’ve screwed up that isn’t so simple.

Mostly through it rubs my live production OCD the wrong way. In live production this sort of thing can cause all manner of headaches right when you don’t need them. It also shows you who in the shop needs education/scolding/mocking.

But isn’t this completely hidden inside the base? So that in this case they might have the strain relief installed, but they’ve just stripped too much of the outer jacket off of the wires? Or maybe they’re reusing a connector that was designed for a jacket that was narrower than the one on their cable, so they stripped extra so it would work?

Even if they have no strain relief at all, this isn’t for production use, and it is unlikely anyone will be pulling hard on their cable; using neutrik at all is probably overkill for the application.

The strain relief chuck is hidden inside the blue ring. Yes they did strip too much of the outer jacket (or didn’t cut back enough of the conductors). The strain relief chuck won’t work on just the conductors alone, it doesn’t get small enough, you must have the jacket in place. For 2c cable there’s no way that the jacket wouldn’t fit in a re-used connector. Props for giving them the benefit of the doubt though.

You’re right, not for production use, like I said, it mostly just works my OCD (not clinical) the wrong way. I can’t understand why people do it wrong when it’s so easy (and no more real work) to do it right. Plus it does introduce the possibility of bad connections and good science needs to dot all the t’s and cross all the i’s. :wink:

Cannot reproduce; definitely said all the silent things at my mobile and AT&T hasn’t periscoped their trip into the hellmouth and started sending business-class hardware and contracts yet.

This topic was automatically closed after 5 days. New replies are no longer allowed.