Researchers find a way to hack your phone with hidden voice commands

voice command hack google now nexus 6
Between malware hiding in seemingly innocent apps and deadly strings of emoji, the battle to keep our smart devices secure is a never ending one. Every new mode of interaction, be it voice control or a unique identifier like a fingerprint or facial recognition, presents another venue by which hackers can access and manipulate the technology around us.

The researchers at UC Berkeley and Georgetown University are keenly aware of this, which is why last year they decided to investigate precisely how vulnerable the voice recognition software that powers so many of our computing devices really is. They focused on Google Assistant, which lives system-wide on Android and within the Google app on iOS, and developed a way to garble voice commands just enough so that Google Assistant could understand them, but they were unintelligible to most humans.

Researchers tested the recognition of several obfuscated commands, like “OK Google,” and measured the software’s ability to decipher the message compared to that of humans. What they found, particularly in the case of “OK Google,” was that the panel of participants were only able to identify the scrambled phrase 22 percent of the time, but the Assistant understood it 95 percent of the time. What’s more, the software was better at decoding the obfuscated version than the normal pronunciation of “OK Google,” which yielded a recognition rate of only 90 percent.

At first glance, many of these distorted commands may just come off as static with the vague cadence of speech, only sped up. As humans, when we know what the phrase is before we hear it, it becomes infinitely easier to identify. But without that information, in many cases, we’re left stumped.

The study notes that some of the jumbled-up commands are easier for us to figure out than others. “Call 911,” for example, yielded a human recognition rate of 94 percent, compared to only 40 percent by Google Assistant, probably because it’s a phrase the wide majority of American English speakers have been preconditioned to hear. But, the right combination of a niche command altered just enough so that our personal assistants are receptive to it while we’re left scratching our heads poses an obvious risk, considering voice controls in most consumer devices lack any form of authentication.

What can we do to protect against voice hacking?

One of the few preventative measures against this kind of voice-targeted manipulation is that many commands prompt assistants to request confirmation afterward. However, as The Atlantic points out in their piece about the study, that’s just a small roadblock to clear with a distorted “yes,” and if everything happens too fast for the user to realize what’s going on, they won’t be able to stop it in time.

Some of the jumbled-up commands are easier for us to figure out than others.

The team followed up its discovery by proposing ways services like Google Assistant, Apple’s Siri and Amazon’s Alexa could head off these attacks, and it turns out there are a variety of methods companies might be inclined to implement. Some defenses, like an audio CAPTCHA, could be thrown in as a final confirmation to distinguish human users from machines — though the researchers point out that the algorithms that power audio CAPTCHAs are relatively outdated and have not kept pace with advancements made in speech recognition technology. Not to mention, CAPTCHAs are infuriating to deal with.

A more complicated solution is tailoring recognition to the owner’s voice, which many services already employ in a limited capacity. However, the report concedes that proposal requires training on the part of the device, and poses a problem for gadgets intended to be used by multiple people, like the Amazon Echo. The team has determined one of the most practical and effective defenses would be a filter that slightly degrades the audio quality of commands, rendering most obfuscated phrases unrecognizable to the device while allowing human ones to pass through.

While reports of voice-based attacks of this kind of are uncommon, if not nonexistent, it’s always helpful to be aware of areas where vulnerabilities lie so they can be curbed before problems really start popping up. Thanks to the research done here, we’ll be a little bit more prepared in case a wave of satanic-sounding whispers begin telling our smartphones what to do.

Mobile

Why premium is the most overused, and least understood, word in tech

Everyone has heard the word premium, and many of us will have purchased a premium product, but what does premium actually mean, and why is it used so much in tech? Here's why it's so popular.
Deals

Make some time for the best smartwatch deals for March 2019

Smartwatches make your life easier by sending alerts right on your wrist. Many also provide fitness-tracking features. So if you're ready to take the plunge into wearables and want to save money, read on for the best smartwatch deals.
Cars

Automakers are spending billions on self-driving technology people are afraid of

Automakers are spending billions of dollars on developing the technology that will power self-driving cars, but research shows consumers have no interest in giving up control. Will they ever recoup their investment?
Mobile

How to use Samsung's Bixby assistant for all of your smartphone tasks

Samsung Bixby is a powerful tool, but not the most intuitive one we've encountered. Here's how to set up and use every feature of Samsung's digital assistant, as well as what to expect in the future.
Mobile

iPad Air vs. iPad Mini: Which new tablet from Apple is best for you?

Apple has unveiled two new iPad models, including a new iPad Air and a new iPad Mini. Both devices have a lot to offer. But which iPad is right for your needs? We put the iPad Air and iPad Mini to the test to find out.
Deals

The best Apple AirPods alternatives for Android, Windows, and iOS devices

Apple AirPods, nice as they are, aren't the only game in town. Other makers are offering their own truly wireless earbuds, and if you're looking to buy a pair of high-end in-ear headphones, we've got the best AirPod alternatives on the…
Mobile

Even older Apple Watches could be effective at spotting heart conditions

The Apple Watch Series 4 is known for detecting heart conditions like atrial fibrillation thanks to having an electrocardiograph feature. It turns out that older Apple Watches could be effective at tracking AFib, too.
Mobile

The Black Shark 2’s Ludicrous Mode promises the smoothest mobile gaming

Xiaomi-backed Black Shark has a follow-up to last year's Black Shark gaming phone, complete with high specs and a low price. Here's everything we know about the Black Shark 2 gaming phone.
Deals

Need a new tablet? Here are the best iPad deals for March 2019

In the wide world of tablets, Apple is still the king. If you're on team Apple and just can't live without iOS, we've curated an up-to-date list of all of the best iPad deals currently available for March 2018.
Deals

Amazon drops price on Apple Watch Series 4 with a rare deal

Since Apple first unveiled the Series 4, the price for one has pretty much held fast. This has finally started to change with a nice little $15 discount on Amazon. If you've been wanting the newest Apple Watch, now is a great time.
Computing

Sending SMS messages from your PC is easier than you might think

Texting is a fact of life, but what to do when you're in the middle of something on your laptop or just don't have your phone handy? Here's how to send a text message from a computer, whether you prefer to use an email client or Windows 10.
Mobile

Google's midrange Pixels might be called the Pixel 3a and Pixel 3a XL

The Google Pixel 3 and Pixel 3 XL are considered to be two of the best Android smartphones, but it looks like Google could be prepping a midrange line. Say hello to the Pixel 3a and Pixel 3a XL.
Gaming

Angry Birds AR: Isle of Pigs brings 3D demolition into your living room

Angry Birds is releasing its next entry in the spring of 2019 - with a new spin. Bringing 3D environments and destruction, Angry Birds AR: Isle of Pigs uses augmented reality to add a new dimension to a classic series.
Mobile

Whether by the pool or the sea, make a splash with the best waterproof phones

Whether you're looking for a phone you can use in the bath, or you just want that extra peace of mind, waterproof phones are here and they're amazing. Check out our selection of the best ones you can buy.