Researchers find a way to hack your phone with hidden voice commands

voice command hack google now nexus 6
Between malware hiding in seemingly innocent apps and deadly strings of emoji, the battle to keep our smart devices secure is a never ending one. Every new mode of interaction, be it voice control or a unique identifier like a fingerprint or facial recognition, presents another venue by which hackers can access and manipulate the technology around us.

The researchers at UC Berkeley and Georgetown University are keenly aware of this, which is why last year they decided to investigate precisely how vulnerable the voice recognition software that powers so many of our computing devices really is. They focused on Google Assistant, which lives system-wide on Android and within the Google app on iOS, and developed a way to garble voice commands just enough so that Google Assistant could understand them, but they were unintelligible to most humans.

Researchers tested the recognition of several obfuscated commands, like “OK Google,” and measured the software’s ability to decipher the message compared to that of humans. What they found, particularly in the case of “OK Google,” was that the panel of participants were only able to identify the scrambled phrase 22 percent of the time, but the Assistant understood it 95 percent of the time. What’s more, the software was better at decoding the obfuscated version than the normal pronunciation of “OK Google,” which yielded a recognition rate of only 90 percent.

At first glance, many of these distorted commands may just come off as static with the vague cadence of speech, only sped up. As humans, when we know what the phrase is before we hear it, it becomes infinitely easier to identify. But without that information, in many cases, we’re left stumped.

The study notes that some of the jumbled-up commands are easier for us to figure out than others. “Call 911,” for example, yielded a human recognition rate of 94 percent, compared to only 40 percent by Google Assistant, probably because it’s a phrase the wide majority of American English speakers have been preconditioned to hear. But, the right combination of a niche command altered just enough so that our personal assistants are receptive to it while we’re left scratching our heads poses an obvious risk, considering voice controls in most consumer devices lack any form of authentication.

What can we do to protect against voice hacking?

One of the few preventative measures against this kind of voice-targeted manipulation is that many commands prompt assistants to request confirmation afterward. However, as The Atlantic points out in their piece about the study, that’s just a small roadblock to clear with a distorted “yes,” and if everything happens too fast for the user to realize what’s going on, they won’t be able to stop it in time.

Some of the jumbled-up commands are easier for us to figure out than others.

The team followed up its discovery by proposing ways services like Google Assistant, Apple’s Siri and Amazon’s Alexa could head off these attacks, and it turns out there are a variety of methods companies might be inclined to implement. Some defenses, like an audio CAPTCHA, could be thrown in as a final confirmation to distinguish human users from machines — though the researchers point out that the algorithms that power audio CAPTCHAs are relatively outdated and have not kept pace with advancements made in speech recognition technology. Not to mention, CAPTCHAs are infuriating to deal with.

A more complicated solution is tailoring recognition to the owner’s voice, which many services already employ in a limited capacity. However, the report concedes that proposal requires training on the part of the device, and poses a problem for gadgets intended to be used by multiple people, like the Amazon Echo. The team has determined one of the most practical and effective defenses would be a filter that slightly degrades the audio quality of commands, rendering most obfuscated phrases unrecognizable to the device while allowing human ones to pass through.

While reports of voice-based attacks of this kind of are uncommon, if not nonexistent, it’s always helpful to be aware of areas where vulnerabilities lie so they can be curbed before problems really start popping up. Thanks to the research done here, we’ll be a little bit more prepared in case a wave of satanic-sounding whispers begin telling our smartphones what to do.

Mobile

Why premium is the most overused, and least understood, word in tech

Everyone has heard the word premium, and many of us will have purchased a premium product, but what does premium actually mean, and why is it used so much in tech? Here's why it's so popular.
Cars

Protect yourself and your ride with our favorite dash cams

Dashboard cameras can assist drivers in car accident claims, settle speeding ticket disputes, and even catch glimpses of incoming meteors, among other things. Here, we've compiled a list of the most noteworthy offerings available.
Product Review

Chris is the virtual co-pilot phone-obsessives need in their car

Driving while using your phone is dangerous, and often illegal. Meet Chris, the digital assistant for your car that wants to help keep your hands off your phone, and your eyes on the road.
Mobile

Rooting your Android device is risky. Do it right with our handy guide

Wondering whether to root your Android smartphone or stick with stock Android? Perhaps you’ve decided to do it and you just need to know how? Here, you'll find an explanation and a quick guide on how to root Android devices.
Product Review

The new iPad Mini certainly isn’t a beauty, but it performs like a beast

Apple’s new iPad Mini has beastly performance, fluid iOS 12 software, and good battery life. It also looks like it came straight out of 2015, because the design hasn’t been changed. Here are our impressions of Apple’s new 7.9-inch…
Mobile

Need a quick battery boost? Try one of our favorite portable chargers

Battery life still tops the polls when it comes to smartphone concerns. If it’s bugging you, then maybe it’s time to snag yourself a portable charger. Here are our picks for the best portable chargers.
Mobile

You can now listen to Google Podcasts on your desktop without the app

The Google Podcasts app is no longer entirely necessary to listen to the podcasts it offers. With a simple tweak of the sharing URL, you can listen to a Google Podcasts podcast on your desktop or laptop without the app.
Mobile

The Samsung Galaxy S10 5G might be a few short weeks away from launch

Samsung has announced a whopping four new Galaxy S10 devices, from the low-cost S10e to the triple-camera S10 and S10 Plus. But it's the Galaxy S10 5G that steals the show as it's among the first 5G-ready smartphones to hit the market.
Computing

T-Mobile goes after big cable companies, pilots wireless home internet service

In a shot at big cable companies, T-Mobile is launching a new pilot program to bring an unlimited wireless LTE home internet service to up to 50,000 homes across the United States by the end of 2019.
Mobile

Type away on the best iPad keyboard cases, from the Mini to the Pro

Whether you're looking to replace your laptop with a tablet or merely want to increase your typing speed, a physical iPad keyboard is the perfect companion to the iPad. Check out our top picks for every available iPad model.
Mobile

Apple patent suggests Apple Watch bands could have built-in fitness indicators

Apple may be exploring ways to make Apple Watch bands a little more useful. A new patent has been filed by Apple that suggests Apple Watch bands could eventually have indicators for things like fitness goals.
Mobile

Apple patents hint at improved Apple Store and unboxing experiences

It looks like Apple is working on ways to improve the Apple Store and product unboxing experiences. The company has been awarded a few patents, largely for tech that can be used in product packaging to ensure products stay charged.
Wearables

Fossil made a smartwatch in 2004, and it’s part of a new brand retrospective

Fossil has been making watches for 35 years, and to celebrate the anniversary, it has a new retrospective exhibit complete with the first smartwatch it made — the Wrist Net watch from 2004.
Deals

Make some time for the best smartwatch deals for March 2019

Smartwatches make your life easier by sending alerts right on your wrist. Many also provide fitness-tracking features. So if you're ready to take the plunge into wearables and want to save money, read on for the best smartwatch deals.