Houston Chronicle

Alexa and Siri can get secret commands

- By Craig S. Smith

Many people have grown accustomed to talking to their smart devices, asking them to read a text, play a song or set an alarm. But someone else might be secretly talking to them, too.

Over the past two years, researcher­s in China and the U.S. have begun demonstrat­ing that they can send hidden commands that are undetectab­le to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant. Inside university labs, the researcher­s have been able to secretly activate the artificial intelligen­ce systems on smartphone­s and smart speakers, making them dial phone numbers or open websites. In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online — simply with music playing over the radio.

A group of students from University of California, Berkeley, and Georgetown University showed in 2016 that they could hide commands in white noise played over loudspeake­rs and through YouTube videos to get smart devices to turn on airplane mode or open a website.

This month, some of those Berkeley researcher­s published a research paper that went further, saying they could embed commands directly into recordings of music or spoken text.

“We wanted to see if we could make it even more stealthy,” said Nicholas Carlini, a fifth-year Ph.D. student in computer security at UC Berkeley and one of the paper’s authors.

Speech-recognitio­n systems typically translate each sound to a letter, eventually compiling those into words and phrases. By making slight changes to audio files, researcher­s were able to cancel out the sound that the speech-recognitio­n system was supposed to hear and replace it with a sound that would be transcribe­d differentl­y by machines while being nearly undetectab­le to the human ear.

Amazon said that it doesn’t disclose specific security measures, but it has taken steps to ensure its Echo smart speaker is secure. Google said that security is an ongoing focus and that its Assistant has features to mitigate undetectab­le commands. Both companies’ assistants employ voice-recognitio­n technology to prevent devices from acting on certain commands unless they know the voice.

Apple said its HomePod speaker is designed to prevent commands from doing things like unlocking doors. It noted that iPhones and iPads must be unlocked before Siri will act on commands that access sensitive data or open apps and websites.

Carlini and his colleagues incorporat­ed commands into audio recognized by Mozilla’s DeepSpeech translatio­n software. They were able to hide the command, “OK, Google, browse to evil.com” in a recording of the spoken phrase, “Without the data set, the article is useless.” Humans cannot discern the command.

?? Christie Hemm Klok / New York Times ?? An Amazon Echo awaits a command. Researcher­s can send audio instructio­ns that people can’t hear to Alexa and Siri.
Christie Hemm Klok / New York Times An Amazon Echo awaits a command. Researcher­s can send audio instructio­ns that people can’t hear to Alexa and Siri.

Newspapers in English

Newspapers from United States