ZJU NEWSROOM


2018-01-05 Global Communications



Phone Hacking

Speech recognition assistants such as Siri are increasingly popular. Allowing devices to be controlled by voice gives hackers a way of targeting these devices. Thus it raises an important question: is it possible to activate these assistants with hidden voice commands that are incomprehensible to humans?

ZJU solutions

Professor XU Wenyuan and her colleagues from the Ubiquitous System Security Lab (USS Lab) at ZJU’s College of Electrical Engineering have designed a type of ultrasonic message called “DolphinAttack”, which is completely inaudible to the human ear. As expected, DolphinAttack could sneak into the phone and manipulate its applications. In response, the team proposed hardware and software defense solutions to counter the potential threat.

What we do

DolphinAttack modulates voice commands onto ultrasonic carriers (e.g., f > 20 kHz) to achieve inaudibility. Because microphone circuits are nonlinear, the modulated low-frequency audio commands are demodulated and recovered inside the device and, more importantly, interpreted by the speech recognition system.
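The demodulation effect described above can be reproduced numerically. The following is an added example, not code from the USS Lab or the paper; the sample rate, the 400 Hz test tone standing in for a voice command, and the quadratic microphone model with coefficient `b` are assumptions chosen for illustration.

```python
import math

FS = 192_000   # simulation sample rate in Hz (assumed)
FC = 25_000    # ultrasonic carrier in Hz, above the 20 kHz the article cites
FM = 400       # constructed single tone standing in for a voice command
N = 9_600      # 50 ms of samples; every tone of interest lands on an exact DFT bin


def tone_amplitude(x, freq):
    """Amplitude of the `freq` component of x, from a single-bin DFT."""
    re = sum(v * math.cos(2 * math.pi * freq * n / FS) for n, v in enumerate(x))
    im = sum(v * math.sin(2 * math.pi * freq * n / FS) for n, v in enumerate(x))
    return 2 * math.hypot(re, im) / len(x)


def am_signal(depth=0.5):
    """Baseband tone amplitude-modulated onto the ultrasonic carrier."""
    return [(1 + depth * math.cos(2 * math.pi * FM * n / FS))
            * math.cos(2 * math.pi * FC * n / FS) for n in range(N)]


def microphone(x, a=1.0, b=0.0):
    """Toy microphone model (assumption): linear gain a plus quadratic term b."""
    return [a * v + b * v * v for v in x]


def audible_report(b):
    """Amplitudes at FM, 2*FM and FC after the microphone model."""
    y = microphone(am_signal(), b=b)
    return {f: round(tone_amplitude(y, f), 4) for f in (FM, 2 * FM, FC)}


if __name__ == "__main__":
    # Ideal linear microphone: energy stays at the carrier, nothing audible.
    print("linear   :", audible_report(b=0.0))
    # Nonlinear microphone: the squared term recreates the 400 Hz tone
    # (amplitude b*depth) plus a weaker 800 Hz distortion (b*depth**2/4).
    print("nonlinear:", audible_report(b=0.2))
```

In this toy model the 800 Hz component exists only because the tone was recovered through the nonlinearity, which illustrates why a recovered command can differ measurably from natural speech; which features the team's classifier actually used is not stated on this page.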

The research team validated DolphinAttack on popular speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa. By injecting a sequence of inaudible voice commands, they observed a few proof-of-concept attacks: activating Siri to initiate a FaceTime call on an iPhone, activating Google Now to switch the phone to airplane mode, and even manipulating the navigation system in an Audi automobile.

The team pointed out that it is feasible to detect DolphinAttack by classifying the audio using a support vector machine. They suggested redesigning voice-control systems to be resilient to inaudible voice command attacks. Specifically, they proposed two hardware-based defense strategies, namely microphone enhancement and baseband cancellation. They said software-based defense strategies, such as a machine-learning-based classifier, can also be used to detect DolphinAttack.

Implications

One way to mitigate the threat is to redesign microphones to reduce their sensitivity to ultrasonic carrier waves. However, this does not help people who already own a phone that is at risk. In this sense, a software-based solution is more practical. As ultrasonic commands are different from natural voice in several ways, it might be meaningful to develop a system that can spot ultrasonic commands and deliver it to millions of phone users.

Watch the experiment video at http://www.usslab.org/projects/dolphinAttack.html 


The related paper, titled “DolphinAttack: Inaudible Voice Commands”, won the Best Paper Award at the 2017 ACM Conference on Computer and Communications Security, held on October 30 - November 3 in Dallas, Texas, USA. This is the first time that a Chinese higher education institution has clinched the award.