Skip to main content
  1. Home
  2. Mobile
  3. News

Researchers find a way to hack your phone with hidden voice commands

Adam Ismail
By

voice command hack google now nexus 6
Image used with permission by copyright holder
Between malware hiding in seemingly innocent apps and deadly strings of emoji, the battle to keep our smart devices secure is a never ending one. Every new mode of interaction, be it voice control or a unique identifier like a fingerprint or facial recognition, presents another venue by which hackers can access and manipulate the technology around us.

The researchers at UC Berkeley and Georgetown University are keenly aware of this, which is why last year they decided to investigate precisely how vulnerable the voice recognition software that powers so many of our computing devices really is. They focused on Google Assistant, which lives system-wide on Android and within the Google app on iOS, and developed a way to garble voice commands just enough so that Google Assistant could understand them, but they were unintelligible to most humans.

Recommended Videos

Researchers tested the recognition of several obfuscated commands, like “OK Google,” and measured the software’s ability to decipher the message compared to that of humans. What they found, particularly in the case of “OK Google,” was that the panel of participants were only able to identify the scrambled phrase 22 percent of the time, but the Assistant understood it 95 percent of the time. What’s more, the software was better at decoding the obfuscated version than the normal pronunciation of “OK Google,” which yielded a recognition rate of only 90 percent.

Demo VoiceHack

At first glance, many of these distorted commands may just come off as static with the vague cadence of speech, only sped up. As humans, when we know what the phrase is before we hear it, it becomes infinitely easier to identify. But without that information, in many cases, we’re left stumped.

Related

The study notes that some of the jumbled-up commands are easier for us to figure out than others. “Call 911,” for example, yielded a human recognition rate of 94 percent, compared to only 40 percent by Google Assistant, probably because it’s a phrase the wide majority of American English speakers have been preconditioned to hear. But, the right combination of a niche command altered just enough so that our personal assistants are receptive to it while we’re left scratching our heads poses an obvious risk, considering voice controls in most consumer devices lack any form of authentication.

What can we do to protect against voice hacking?

One of the few preventative measures against this kind of voice-targeted manipulation is that many commands prompt assistants to request confirmation afterward. However, as The Atlantic points out in their piece about the study, that’s just a small roadblock to clear with a distorted “yes,” and if everything happens too fast for the user to realize what’s going on, they won’t be able to stop it in time.

Some of the jumbled-up commands are easier for us to figure out than others.

The team followed up its discovery by proposing ways services like Google Assistant, Apple’s Siri and Amazon’s Alexa could head off these attacks, and it turns out there are a variety of methods companies might be inclined to implement. Some defenses, like an audio CAPTCHA, could be thrown in as a final confirmation to distinguish human users from machines — though the researchers point out that the algorithms that power audio CAPTCHAs are relatively outdated and have not kept pace with advancements made in speech recognition technology. Not to mention, CAPTCHAs are infuriating to deal with.

A more complicated solution is tailoring recognition to the owner’s voice, which many services already employ in a limited capacity. However, the report concedes that proposal requires training on the part of the device, and poses a problem for gadgets intended to be used by multiple people, like the Amazon Echo. The team has determined one of the most practical and effective defenses would be a filter that slightly degrades the audio quality of commands, rendering most obfuscated phrases unrecognizable to the device while allowing human ones to pass through.

While reports of voice-based attacks of this kind of are uncommon, if not nonexistent, it’s always helpful to be aware of areas where vulnerabilities lie so they can be curbed before problems really start popping up. Thanks to the research done here, we’ll be a little bit more prepared in case a wave of satanic-sounding whispers begin telling our smartphones what to do.

Editors' Recommendations

Topics
Adam Ismail
Adam Ismail
Former Digital Trends Contributor
Adam’s obsession with tech began at a young age, with a Sega Dreamcast – and he’s been hooked ever since. Previously…
You’ll soon be able to have Alexa make a donation to your favorite candidate
amazon echo show 5 review mem 2v2

Many of Alexa's new features are the result of study and analysis on part of the voice assistant's development team. During last year's midterm elections, analysts saw a massive spike in questions related to the elections. Users wanted to know which candidates were in the lead in what area, where the nearest polling station was, and much more. The team took these questions and developed functionality they believed Alexa users would appreciate, which resulted in Wednesday's announcement of Alexa Political Contributions.

This new feature will allow users to make a donation to their favorite presidential candidate by saying, "Alexa, donate to (name of candidate)." Donations of up to $200 can be made to any candidate that signs up for the program starting next month. Donations will go through Amazon Pay, the payment processing service that already handles other types of payments made through Alexa as well as purchases made on the Amazon website.

Read more
5 ways that future A.I. assistants will take voice tech to the next level
amazon alexa laugh echo night creepy feature

Since Siri debuted on the iPhone 4s back in 2011, voice assistants have gone from unworkable gimmick to the basis for smart speaker technology found in one in six American homes.

“Before Siri, when I talked about [what I do] there were blank stares,” Tom Hebner, head of innovation at Nuance Communications, which develops cutting edge A.I. voice technology, told Digital Trends. “People would say, ‘Do you build those horrible phone systems? I hate you.’ That was one group of people’s only interaction with voice technology.”

Read more
Simplehuman’s Sensor Mirror Hi-Fi now responds to Amazon Alexa commands
simplehuman sensor miirror hi fi and assist google assistant ces 2019 mirror compact

Simplehuman is all-in when it comes to smart home stuff. From trash cans to soap dispensers to its flagship product, a series of sensor mirrors, the designer/manufacturer is determined to make your bathroom one of the most inviting rooms in your home. They were everywhere at the Consumer Electronics Show (CES) in Las Vegas earlier this year,and now their smart mirror  -- which has always worked with Google Assistant -- is adding Amazon's Alexa to the mix.

sensor mirror — tru-lux light

Read more