BadVoice: Soundless voice-control replay attack on modern smartphones

Park Joon Young; Jo Hyo Jin; Samuel Woo; Dong Hoon Lee

doi:10.1109/ICUFN.2016.7537163

BadVoice: Soundless voice-control replay attack on modern smartphones

Park Joon Young, Jo Hyo Jin, Samuel Woo, Dong Hoon Lee

Graduate School of Information Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

Abstract

Speech recognition is a technology that enables the recognition and translation of spoken language into data that can be interpreted by computers. With the development of speech recognition technologies, voice assistants on mobile devices, such as Siri or Google Voice have been introduced. Particularly, mobile device users can easily perform several commands on their mobile devices using these systems. However, this convenience causes a vulnerability in that an adversary can access the mobile device data and functions easily. This vulnerability could be exploited by the adversary because there are no authentication procedures. Recently, a remote attack on a voice assistant was introduced, but the attack can be considered to be unrealistic because of many assumptions. In this paper, we analyze the vulnerabilities of mobile device speech recognition systems. We also introduce the Toilet-time attack as a new realistic attack model. Furthermore, we prove the practicality of our attack model and evaluate attack scenarios using a new attack tool called BadVoice.

Original language	English
Title of host publication	ICUFN 2016 - 8th International Conference on Ubiquitous and Future Networks
Publisher	IEEE Computer Society
Pages	882-887
Number of pages	6
Volume	2016-August
ISBN (Electronic)	9781467399913
DOIs	https://doi.org/10.1109/ICUFN.2016.7537163
Publication status	Published - 2016 Aug 9
Event	8th International Conference on Ubiquitous and Future Networks, ICUFN 2016 - Vienna, Austria Duration: 2016 Jul 5 → 2016 Jul 8

Other

Other	8th International Conference on Ubiquitous and Future Networks, ICUFN 2016
Country	Austria
City	Vienna
Period	16/7/5 → 16/7/8

Keywords

Mobile Application
Security
Voice Assistant

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Hardware and Architecture

Access to Document

10.1109/ICUFN.2016.7537163

Fingerprint Dive into the research topics of 'BadVoice: Soundless voice-control replay attack on modern smartphones'. Together they form a unique fingerprint.

Cite this

Young, P. J., Jin, J. H., Woo, S., & Lee, D. H. (2016). BadVoice: Soundless voice-control replay attack on modern smartphones. In ICUFN 2016 - 8th International Conference on Ubiquitous and Future Networks (Vol. 2016-August, pp. 882-887). [7537163] IEEE Computer Society. https://doi.org/10.1109/ICUFN.2016.7537163

Young, PJ, Jin, JH, Woo, S & Lee, DH 2016, BadVoice: Soundless voice-control replay attack on modern smartphones. in ICUFN 2016 - 8th International Conference on Ubiquitous and Future Networks. vol. 2016-August, 7537163, IEEE Computer Society, pp. 882-887, 8th International Conference on Ubiquitous and Future Networks, ICUFN 2016, Vienna, Austria, 16/7/5. https://doi.org/10.1109/ICUFN.2016.7537163

@inproceedings{bf372d8836814dd4aece82daaed69700,

title = "BadVoice: Soundless voice-control replay attack on modern smartphones",

abstract = "Speech recognition is a technology that enables the recognition and translation of spoken language into data that can be interpreted by computers. With the development of speech recognition technologies, voice assistants on mobile devices, such as Siri or Google Voice have been introduced. Particularly, mobile device users can easily perform several commands on their mobile devices using these systems. However, this convenience causes a vulnerability in that an adversary can access the mobile device data and functions easily. This vulnerability could be exploited by the adversary because there are no authentication procedures. Recently, a remote attack on a voice assistant was introduced, but the attack can be considered to be unrealistic because of many assumptions. In this paper, we analyze the vulnerabilities of mobile device speech recognition systems. We also introduce the Toilet-time attack as a new realistic attack model. Furthermore, we prove the practicality of our attack model and evaluate attack scenarios using a new attack tool called BadVoice.",

keywords = "Mobile Application, Security, Voice Assistant",

author = "Young, {Park Joon} and Jin, {Jo Hyo} and Samuel Woo and Lee, {Dong Hoon}",

year = "2016",

month = aug,

day = "9",

doi = "10.1109/ICUFN.2016.7537163",

language = "English",

volume = "2016-August",

pages = "882--887",

booktitle = "ICUFN 2016 - 8th International Conference on Ubiquitous and Future Networks",

publisher = "IEEE Computer Society",

note = "8th International Conference on Ubiquitous and Future Networks, ICUFN 2016 ; Conference date: 05-07-2016 Through 08-07-2016",

}

TY - GEN

T1 - BadVoice

T2 - 8th International Conference on Ubiquitous and Future Networks, ICUFN 2016

AU - Young, Park Joon

AU - Jin, Jo Hyo

AU - Woo, Samuel

AU - Lee, Dong Hoon

PY - 2016/8/9

Y1 - 2016/8/9

N2 - Speech recognition is a technology that enables the recognition and translation of spoken language into data that can be interpreted by computers. With the development of speech recognition technologies, voice assistants on mobile devices, such as Siri or Google Voice have been introduced. Particularly, mobile device users can easily perform several commands on their mobile devices using these systems. However, this convenience causes a vulnerability in that an adversary can access the mobile device data and functions easily. This vulnerability could be exploited by the adversary because there are no authentication procedures. Recently, a remote attack on a voice assistant was introduced, but the attack can be considered to be unrealistic because of many assumptions. In this paper, we analyze the vulnerabilities of mobile device speech recognition systems. We also introduce the Toilet-time attack as a new realistic attack model. Furthermore, we prove the practicality of our attack model and evaluate attack scenarios using a new attack tool called BadVoice.

AB - Speech recognition is a technology that enables the recognition and translation of spoken language into data that can be interpreted by computers. With the development of speech recognition technologies, voice assistants on mobile devices, such as Siri or Google Voice have been introduced. Particularly, mobile device users can easily perform several commands on their mobile devices using these systems. However, this convenience causes a vulnerability in that an adversary can access the mobile device data and functions easily. This vulnerability could be exploited by the adversary because there are no authentication procedures. Recently, a remote attack on a voice assistant was introduced, but the attack can be considered to be unrealistic because of many assumptions. In this paper, we analyze the vulnerabilities of mobile device speech recognition systems. We also introduce the Toilet-time attack as a new realistic attack model. Furthermore, we prove the practicality of our attack model and evaluate attack scenarios using a new attack tool called BadVoice.

KW - Mobile Application

KW - Security

KW - Voice Assistant

UR - http://www.scopus.com/inward/record.url?scp=84983356854&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84983356854&partnerID=8YFLogxK

U2 - 10.1109/ICUFN.2016.7537163

DO - 10.1109/ICUFN.2016.7537163

M3 - Conference contribution

AN - SCOPUS:84983356854

VL - 2016-August

SP - 882

EP - 887

BT - ICUFN 2016 - 8th International Conference on Ubiquitous and Future Networks

PB - IEEE Computer Society

Y2 - 5 July 2016 through 8 July 2016

ER -