Virtual personal assistants can be hijacked by subliminal messages embedded in music



We've seen how a young child can place an order for a dollhouse using Alexa, and how a television anchorman repeating the story accidentally caused other Echo units to order a dollhouse too. Now comes a story that is even scarier in its implications. A report in Thursday's New York Times revealed that students from University of California, Berkeley, and Georgetown University were able to hide subliminal commands for virtual personal assistants inside white noise played over loudspeakers. The commands included enabling airplane mode and requesting a website on a smartphone. That was back in 2016.

To make matters worse, a new report from some of the Berkley students found that the subliminal messages could be hidden in music. While a smart device owner might only hear music, underneath there are commands aimed at the device's virtual personal assistant. According to Nicholas Carlini, a fifth-year Ph.D. student in computer security at U.C. Berkeley, it is only a matter of time before this is exploited. "My assumption is that the malicious people already employ people to do what I do," Carlini said.

Major smart speaker manufacturers like Amazon, Google and Apple say that they have safeguards in place to prevent their assistants from being hijacked. Amazon and Google use technology to block commands that cannot be heard. To block Alexa from accidentally getting activated on devices during its Super Bowl ad (which was about Alexa losing her voice), the company played a tone in the range of 3,000 to 6,000Hz. In addition, voice recognition technology prevents Alexa and Google Assistant from following through on tasks requested by an unknown voice. Apple says that its HomePod won't act on commands that unlock doors, and iPhone and iPod models must be unlocked before Siri can access personal data, call up websites or open apps.

Last year, a Burger King commercial said, "O.K., Google, what is the Whopper burger?" The idea was to get Android devices to read aloud the ingredients of the burger from the Whopper's Wikipedia page. But when the page was overrun with obviously false ingredients like "toe nail clippings," the ad was pulled.

A technique called DolphinAttack shows that subliminal messages can even be embedded in sounds inaudible to the human ear. Check out the video at the top of this story. While DolphinAttacks require the transmitter to be placed in close proximity to the smart device receiving the hidden message, last month researchers were able to send these subliminal message via ultrasound from 25 feet away.

Perhaps the scariest scenario was tested by Chinese and American researchers who discovered that virtual personal assistants would follow commands hidden inside music played from the radio or over YouTube. So if your phone or smart speaker starts acting funny and performs tasks that you didn't request, it could be reacting to a message embedded in a song you are listening to on the radio. Or, it could be coming from a message embedded in a sound that you can't even hear.

source: NYTimes

FEATURED VIDEO

4 Comments

1. GreenMan

Posts: 2694; Member since: Nov 09, 2015

I think even Homer Simpson is smarter than those so called "Smart A.I Assistants". Besides; if ordering stuff over the Internet without even LOOKING at it or reading the description and particulars is your thing then... Well, you've my sympathies, slacker. Anyhow, I'm just glad that little girl didn't order a pony! G'Day!

2. worldpeace

Posts: 3092; Member since: Apr 15, 2016

Even better if it was a wooden pony.

3. TerryD

Posts: 540; Member since: May 09, 2017

Or a rabbit

4. 14545

Posts: 1835; Member since: Nov 22, 2011

Agreed. That's why I refuse to embrace them. I'm far from a luddite, but I do draw the line somewhere. Even if my phone can still be activated remotely to listen to me at will, I just won't voluntarily opt for always listening devices.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.