Abstract
Speech recognition is a technology that enables the recognition and translation of spoken language into data that can be interpreted by computers. With the development of speech recognition technologies, voice assistants on mobile devices, such as Siri or Google Voice have been introduced. Particularly, mobile device users can easily perform several commands on their mobile devices using these systems. However, this convenience causes a vulnerability in that an adversary can access the mobile device data and functions easily. This vulnerability could be exploited by the adversary because there are no authentication procedures. Recently, a remote attack on a voice assistant was introduced, but the attack can be considered to be unrealistic because of many assumptions. In this paper, we analyze the vulnerabilities of mobile device speech recognition systems. We also introduce the Toilet-time attack as a new realistic attack model. Furthermore, we prove the practicality of our attack model and evaluate attack scenarios using a new attack tool called BadVoice.
| Original language | English |
|---|---|
| Title of host publication | ICUFN 2016 - 8th International Conference on Ubiquitous and Future Networks |
| Publisher | IEEE Computer Society |
| Pages | 882-887 |
| Number of pages | 6 |
| Volume | 2016-August |
| ISBN (Electronic) | 9781467399913 |
| DOIs | |
| Publication status | Published - 2016 Aug 9 |
| Event | 8th International Conference on Ubiquitous and Future Networks, ICUFN 2016 - Vienna, Austria Duration: 2016 Jul 5 → 2016 Jul 8 |
Other
| Other | 8th International Conference on Ubiquitous and Future Networks, ICUFN 2016 |
|---|---|
| Country | Austria |
| City | Vienna |
| Period | 16/7/5 → 16/7/8 |
Fingerprint
Keywords
- Mobile Application
- Security
- Voice Assistant
ASJC Scopus subject areas
- Computer Networks and Communications
- Computer Science Applications
- Hardware and Architecture
Cite this
BadVoice : Soundless voice-control replay attack on modern smartphones. / Young, Park Joon; Jin, Jo Hyo; Woo, Samuel; Lee, Dong Hoon.
ICUFN 2016 - 8th International Conference on Ubiquitous and Future Networks. Vol. 2016-August IEEE Computer Society, 2016. p. 882-887 7537163.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - BadVoice
T2 - Soundless voice-control replay attack on modern smartphones
AU - Young, Park Joon
AU - Jin, Jo Hyo
AU - Woo, Samuel
AU - Lee, Dong Hoon
PY - 2016/8/9
Y1 - 2016/8/9
N2 - Speech recognition is a technology that enables the recognition and translation of spoken language into data that can be interpreted by computers. With the development of speech recognition technologies, voice assistants on mobile devices, such as Siri or Google Voice have been introduced. Particularly, mobile device users can easily perform several commands on their mobile devices using these systems. However, this convenience causes a vulnerability in that an adversary can access the mobile device data and functions easily. This vulnerability could be exploited by the adversary because there are no authentication procedures. Recently, a remote attack on a voice assistant was introduced, but the attack can be considered to be unrealistic because of many assumptions. In this paper, we analyze the vulnerabilities of mobile device speech recognition systems. We also introduce the Toilet-time attack as a new realistic attack model. Furthermore, we prove the practicality of our attack model and evaluate attack scenarios using a new attack tool called BadVoice.
AB - Speech recognition is a technology that enables the recognition and translation of spoken language into data that can be interpreted by computers. With the development of speech recognition technologies, voice assistants on mobile devices, such as Siri or Google Voice have been introduced. Particularly, mobile device users can easily perform several commands on their mobile devices using these systems. However, this convenience causes a vulnerability in that an adversary can access the mobile device data and functions easily. This vulnerability could be exploited by the adversary because there are no authentication procedures. Recently, a remote attack on a voice assistant was introduced, but the attack can be considered to be unrealistic because of many assumptions. In this paper, we analyze the vulnerabilities of mobile device speech recognition systems. We also introduce the Toilet-time attack as a new realistic attack model. Furthermore, we prove the practicality of our attack model and evaluate attack scenarios using a new attack tool called BadVoice.
KW - Mobile Application
KW - Security
KW - Voice Assistant
UR - http://www.scopus.com/inward/record.url?scp=84983356854&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84983356854&partnerID=8YFLogxK
U2 - 10.1109/ICUFN.2016.7537163
DO - 10.1109/ICUFN.2016.7537163
M3 - Conference contribution
AN - SCOPUS:84983356854
VL - 2016-August
SP - 882
EP - 887
BT - ICUFN 2016 - 8th International Conference on Ubiquitous and Future Networks
PB - IEEE Computer Society
ER -