25th USENIX Security Symposium has ended
Back To Schedule
Thursday, August 11 • 11:30am - 12:00pm
Hidden Voice Commands

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Voice interfaces are becoming more ubiquitous and are now the primary input method for many devices. We explore in this paper how they can be attacked with hidden voice commands that are unintelligible to human listeners but which are interpreted as commands by devices.

We evaluate these attacks under two different threat models. In the black-box model, an attacker uses the speech recognition system as an opaque oracle. We show that the adversary can produce difficult to understand commands that are effective against existing systems in the black-box model. Under the white-box model, the attacker has full knowledge of the internals of the speech recognition system and uses it to create attack commands that we demonstrate through user testing are not understandable by humans.

We then evaluate several defenses, including notifying the user when a voice command is accepted; a verbal challenge-response protocol; and a machine learning approach that can detect our attacks with 99.8% accuracy.


Nicholas Carlini

UC Berkeley

Micah Sherr

Georgetown University

Clay Shields

Georgetown University

Tavish Vaidya

Georgetown University

David Wagner

University of California, Berkeley

Thursday August 11, 2016 11:30am - 12:00pm PDT
Zilker Ballroom 3