hidden voice commands
play

Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish - PowerPoint PPT Presentation

Jul 30, 2023 •337 likes •993 views

Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish Vaidya**, Yuankai Zhang**, Micah Sherr**, Clay Shields**, David Wagner*, Wenchao Zhou** * University of California, Berkeley ** Georgetown University Voice channel opens up new

  1. Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish Vaidya**, Yuankai Zhang**, Micah Sherr**, Clay Shields**, David Wagner*, Wenchao Zhou** * University of California, Berkeley ** Georgetown University

  3. Voice channel opens up new 
 possibilities for attack

  4. Today: "Okay google, text [premium SMS number]"

  5. In the future? "Okay google, pay John $100"

  7. We make voice commands stealthy.

  8. We produce audio which is noise to humans, but speech to devices.

  9. This is an instance of attacks 
 on Machine Learning

  10. Background

  11. Background Machine Learning Text Algorithm

  12. Background Feature ML Text Extraction Algorithm

  13. Feature Extraction

  14. Feature Extraction

  15. Feature Extraction

  16. Feature Extraction MFCC [x 0 ] MFCC [x 1 ] MFCC [x 2 ]

  17. Feature ML Text Extraction Algorithm

  19. First Attack: White-Box Assume complete system knowledge 
 (model, parameters, etc)

  20. Recognition Feature ML Text Extraction Algorithm

  21. Attack Feature ML Text Extraction Algorithm

  22. Attack Feature ML Text Extraction Algorithm

  23. Attack Feature ML Text Extraction Algorithm

  24. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ] MFCC -1 [x 2 ]

  25. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ] MFCC -1 [x 2 ]

  26. Inverting Feature Extraction MFCC -1 [x 0 ]

  27. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ]

  28. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ]

  29. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ] MFCC -1 [x 2 ]

  30. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ] MFCC -1 [x 2 ]

  31. Actually not that easy

  32. Playing attacks over-the-air 1. Create a model of the physical channel 2. Use model to predict effect of over-the-air 3. Validate model by playing potential obfuscated commands during generation

  33. Demo

  34. Demo

  35. Okay Google, take a picture

  36. Demo

  37. Okay Google, text 12345

  38. Demo

  39. Okay Google, browse to evil.com

  40. Not Over-The-Air Demo

  41. Okay Google, browse to evil.com

  43. Limitations No background noise, in an echo-free room. Assumes complete knowledge of model.

  45. Can we make this attack practical? Can we remove the white-box assumption?

  46. Yes. ... but at the expense of attack quality.

  48. Black-Box Attack Audio Speech Text Obfuscater Recognition

  49. Black-Box Attack MFCC Speech Text MFCC -1 Recognition

  50. Evaluation

  51. Demo

  56. White-Box Black-Box Attack on open system Practical real-world attack Commands heavily obfuscated Somewhat possible to recognize Works when played over-the-air Works when played over-the-air Doesn't tolerate background noise Background noise and echo okay

  58. Defenses? Notify the user that an action was taken. Challenge the user to perform an action. Detect and prevent the malicious commands.

  59. Detect and Prevent Successfully trained simple machine learning classifier: learn the difference between attack commands and actual commands

  61. Conclusion Voice: new paradigm for human-device interaction. This brings many new risks. Our hidden voice commands are practical. The impact of these attacks will increase. Future work is needed to construct defenses. http://hiddenvoicecommands.com/

Recommend

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by Jinli Zhong FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild, NDSS17 Presented by Jie Li Protecting Privacy of BLE

470 views • 34 slides
Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to

Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to

DAISY D ata A nalysis and I nformation S ecurit Y Lab Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to Audio-based Adversarial Attacks Yingying (Jennifer) Chen Professor, Electrical and Computer

1.05k views • 46 slides
Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1

Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1

Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1 Longfei Shangguan 2 Zhenjiang Li 1 Kyle Jamieson 3 1 City University of Hong Kong, 2 Microsoft, 3 Princeton University Voice Assistants in Smart Home 2

808 views • 54 slides
DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,

DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,

DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu Zhejiang University BACKGROUND- DOLPHIN ATTACK An approach to inject inaudible voice commands at VCS by exploiting the

481 views • 28 slides
DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin

DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin

DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu Zhejiang University Presenter: Huichen Li This paper won the CCS 2017 Best Paper award Speech Recognition Systems Apple Siri

720 views • 51 slides
SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves Qiben

SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves Qiben

SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves Qiben Yan 1 , Kehai Liu 2 , Qin Zhou 2 Hanqing Guo 1 , Ning Zhang 3 1 Michigan State University, 2 University of Nebraska-Lincoln, 3 Washington University

298 views • 29 slides
Android Pre-requisites 2 1 Unix commands Ge6ng help Use

Android Pre-requisites 2 1 Unix commands Ge6ng help Use

Android Pre-requisites 2 1 Unix commands Ge6ng help Use help flag when running command Type man command Hidden files Begin with .

212 views • 6 slides
The Shell What does a shell do? - execute commands, programs - but how? For built in commands

The Shell What does a shell do? - execute commands, programs - but how? For built in commands

The Shell What does a shell do? - execute commands, programs - but how? For built in commands run some code to do the command For other commands find program executable and .... run it. Other features: wildcards, pipes, redirection.

468 views • 18 slides
Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed

Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed

Lecture 8: Visual Mode, /<CR>, Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed to next week... Too few things to test on Make sure to practice on commands discussed so far. Every

1.11k views • 83 slides
DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and

DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and

DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes Presented by N7MOT Lenny Gemar Amateur radio began with spark gap transmitters, evolving to Morse code and analog voice

442 views • 20 slides
Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF

Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF

Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF 4FSK VHF C4FM AMBE, AMBE+2, Codec-2 HF OFDM Audio Vocoder Modulator Integrate data into protocol A/D Compressed 10101111010 Mic

729 views • 13 slides
Colossians Commands Commands put to death your members 3:5 you yourself are to put

Colossians Commands Commands put to death your members 3:5 you yourself are to put

Colossians Commands Commands put to death your members 3:5 you yourself are to put off all these 3:8 put off the old man with his deeds 3:9 put on the new man who is renewed 3:10 put on tender mercies

2.44k views • 197 slides
Voice production Larynx and the vocal folds ARTICULATION PHONATION BREATHING (Lena Lyons efter

Voice production Larynx and the vocal folds ARTICULATION PHONATION BREATHING (Lena Lyons efter

M Sdersten, Karolinska Institutet, Rekjavik, Oct 12, 2012 Voice team Karolinska University Hospital and Karolinska Institute Voice production and teachers voice disorders How does the voice work and what makes it to fail?

73 views • 5 slides
Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now!

Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now!

Lecture 5: Review + Basic Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now! Midterm next week! Format is similar to hws, focus on writing clear descriptions that do exactly what you want to

549 views • 43 slides
April 7: Safety Question Protection State Transitions Commands Conditional Commands

April 7: Safety Question Protection State Transitions Commands Conditional Commands

April 7: Safety Question Protection State Transitions Commands Conditional Commands Special Rights Principle of Attenuation of Privilege Harrison-Ruzzo-Ullman result Corollaries April 7, 2017 ECS 235B Spring Quarter

588 views • 33 slides
There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah

There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah

Jeremiah 1:1-19 There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah 1:1-19 That voice rules. not only heard, but heeded. not only obliged, but obyed. Jeremiah 1:1-19 the word of the Lord

617 views • 12 slides
Conversational Agents Human-AI Interaction Luigi De Russis Academic Year 2019/2020 Background:

Conversational Agents Human-AI Interaction Luigi De Russis Academic Year 2019/2020 Background:

Conversational Agents Human-AI Interaction Luigi De Russis Academic Year 2019/2020 Background: Voice and Speech 2 Human-AI Interaction Voice and Speech Human voice is an efficient input modality: it allows people to give commands to a

1.49k views • 31 slides
Getting Sta rted with Voice API Lorna Mitchell Getting Sta rted with Voice API Use the Voice

Getting Sta rted with Voice API Lorna Mitchell Getting Sta rted with Voice API Use the Voice

Getting Sta rted with Voice API Lorna Mitchell Getting Sta rted with Voice API Use the Voice API to make and receive calls, play audio, send and receive DTMF tones, and to record calls. Workshop plan: Introduce concepts and vocabulary

480 views • 19 slides
SQL , the Structured Query Language Overview Introduction DDL Commands DML Commands SQL

SQL , the Structured Query Language Overview Introduction DDL Commands DML Commands SQL

SQL , the Structured Query Language Overview Introduction DDL Commands DML Commands SQL Statements, Operators, Clauses Aggregate Functions Structured Query Language ( SQL SQL ) The ANSI standard language for the definition and manipulation

854 views • 30 slides
1 Incidence of teachers voice problems in UK LSBU survey of teachers voice levels (2004) 36

1 Incidence of teachers voice problems in UK LSBU survey of teachers voice levels (2004) 36

Damaging effects of noise on hearing and voice in childrens Outline learning environments Reykjavik Iceland 12-13 October 2012 Voice Care Network Oral communication ergonomic work in UK Incidence of teachers voice problems in UK

551 views • 5 slides
Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations Hongil Kim* ,

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations Hongil Kim* ,

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations Hongil Kim* , Dongkwan Kim* , Minhee Kwon, Hyeongseok Han, Yeongjin Jang, Taesoo Kim, Dongsu Han, Yongdae Kim 1 VoLTE = Voice over LTE 4G LTE: All-IP based

1.16k views • 113 slides
Commands The picture can't be displayed. Dr. John Yoon The History Almost every shell stores

Commands The picture can't be displayed. Dr. John Yoon The History Almost every shell stores

Advanced Linux Commands The picture can't be displayed. Dr. John Yoon The History Almost every shell stores the previous commands that you have issued. Most shells allow you to press the up arrow to cycle through previous commands.

656 views • 17 slides
Unix Commands on processes Xiaolan Zhang Spring 2013 1 Outlines Last class: commands

Unix Commands on processes Xiaolan Zhang Spring 2013 1 Outlines Last class: commands

Unix Commands on processes Xiaolan Zhang Spring 2013 1 Outlines Last class: commands working with files tree, ls and echo od (octal dump), stat (show meta data of file) touch, temporary file, file with random bytes locate,

548 views • 51 slides
SOUTHERNAIRAVIATION FLY-BY-VOICE TM INTO NEXTGEN CENTURY Voice Activated Cockpit

SOUTHERNAIRAVIATION FLY-BY-VOICE TM INTO NEXTGEN CENTURY Voice Activated Cockpit

SOUTHERNAIRAVIATION FLY-BY-VOICE TM INTO NEXTGEN CENTURY Voice Activated Cockpit Management Systems Diane Serban, Ph.D., SAA Inc. Vincent Houston, NASA Langley Research Center SAA Provides Off-Line VOICE RECOGNITION Solutions to

501 views • 11 slides

More recommend