![Page 1: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/1.jpg)
DolphinAttack: Inaudible Voice Commands
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu
Zhejiang University
Presenter: Nikita Samarin
![Page 2: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/2.jpg)
DolphinAttackAn approach to inject inaudible voice commands at voice controllable systems by exploiting the ultrasound channel and the vulnerability of the underlying audio hardware.
![Page 3: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/3.jpg)
Voice Controllable System (VCS)
VCS = System + Speech Recognition
![Page 4: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/4.jpg)
Voice Controllable System (VCS)
VCS = System + Speech Recognition
Examples:
● Apple iPhone + Siri● Google Nexus + Google Now● Amazon Echo + Alexa● …
![Page 5: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/5.jpg)
Voice Controllable System (VCS)
![Page 6: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/6.jpg)
Voice Controllable System (VCS)Machine Learning Attacks
![Page 7: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/7.jpg)
Voice Controllable System (VCS)Machine Learning Attacks
Malware
![Page 8: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/8.jpg)
Voice Controllable System (VCS)Machine Learning Attacks
MalwareDolphinAttack
![Page 9: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/9.jpg)
How can an attacker exploit this attack?
![Page 10: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/10.jpg)
How can an attacker exploit this attack?
● Visiting a malicious website● Spying● Injecting fake information● Denial of service● … and more!
![Page 11: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/11.jpg)
Fundamental Idea
![Page 12: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/12.jpg)
Fundamental IdeaModulate the low-frequency voice signal (baseband) on an ultrasonic carrier, and demodulate the modulated voice signals at the receiver…
![Page 13: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/13.jpg)
Fundamental IdeaModulate the low-frequency voice signal (baseband) on an ultrasonic carrier, and demodulate the modulated voice signals at the receiver…
![Page 14: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/14.jpg)
Categories of Sound Waves
● Infrasonic waves ○ f < 20 Hz
● Audible sound waves ○ f = 20 Hz – 20 kHz
● Ultrasonic waves ○ f > 20 kHz
![Page 15: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/15.jpg)
(Amplitude) Modulation
![Page 16: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/16.jpg)
(Amplitude) ModulationLow-Frequency Voice Signal (Baseband)
![Page 17: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/17.jpg)
(Amplitude) ModulationLow-Frequency Voice Signal (Baseband)
+Ultrasonic (high-frequency)Carrier Signal
![Page 18: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/18.jpg)
(Amplitude) ModulationLow-Frequency Voice Signal (Baseband)
+Ultrasonic (high-frequency)Carrier Signal
=
Modulated (high-frequency) Voice Signal
![Page 19: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/19.jpg)
How to recover the voice signal?
● Exploit the electrical characteristics of microphones and amplifiers...
![Page 20: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/20.jpg)
How to recover the voice signal?
Nirupam Roy, Haitham Hassanieh, and Romit Roy Choudhury. 2017. BackDoor: Making Microphones Hear Inaudible Sounds. In Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys '17). ACM, New York, NY, USA, 2-14. DOI: https://doi.org/10.1145/3081333.3081366
![Page 21: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/21.jpg)
Voice Command Generation
![Page 22: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/22.jpg)
Activation Command Generation - Approach #1Text-to-speech based brute force
![Page 23: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/23.jpg)
Activation Command Generation - Approach #2Concatenative synthesis (with a few voice recordings)
![Page 24: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/24.jpg)
Threat Model
![Page 25: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/25.jpg)
Threat Model
● Attacker has no access to the target device
![Page 26: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/26.jpg)
Threat Model
● Attacker has no access to the target device○ But is fully aware of the technical characteristics
![Page 27: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/27.jpg)
Threat Model
● Attacker has no access to the target device○ But is fully aware of the technical characteristics
● No owner interaction (e.g. unlocking the screen)
![Page 28: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/28.jpg)
Threat Model
● Attacker has no access to the target device○ But is fully aware of the technical characteristics
● No owner interaction (e.g. unlocking the screen)● Attacker will use inaudible voice commands
○ Ultrasound (f > 20 kHz)
![Page 29: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/29.jpg)
Threat Model
● Attacker has no access to the target device○ But is fully aware of the technical characteristics
● No owner interaction (e.g. unlocking the screen)● Attacker will use inaudible voice commands
○ Ultrasound (f > 20 kHz)● Attacker can acquire the required equipment (e.g.
speakers designed for transmitting ultrasound)
![Page 30: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/30.jpg)
Experiment Setup (Feasibility Analysis)
![Page 32: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/32.jpg)
Targeted Systems
![Page 33: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/33.jpg)
![Page 34: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/34.jpg)
![Page 35: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/35.jpg)
![Page 36: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/36.jpg)
![Page 37: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/37.jpg)
![Page 38: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/38.jpg)
![Page 39: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/39.jpg)
Influence of Languages (Apple Watch)
![Page 40: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/40.jpg)
Impact of Background Noises (Apple Watch)
![Page 41: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/41.jpg)
Impact of Attack Distances (Apple Watch)
![Page 42: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/42.jpg)
Great! What about something more portable?
![Page 43: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/43.jpg)
Portable Setup
“Turn on airplane mode” (without amplifier)
![Page 44: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/44.jpg)
Portable Setup
With the amplifier module, the maximum distance of effective attacks is increased to 27 cm.
![Page 45: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/45.jpg)
Proposed Defenses
![Page 46: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/46.jpg)
Proposed Defenses
● Hardware-based
![Page 47: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/47.jpg)
Proposed Defenses
● Hardware-based○ Microphone enhancement
![Page 48: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/48.jpg)
Proposed Defenses
● Hardware-based○ Microphone enhancement○ Inaudible voice command cancellation
![Page 49: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/49.jpg)
Proposed Defenses
● Hardware-based○ Microphone enhancement○ Inaudible voice command cancellation
● Software-based
![Page 50: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/50.jpg)
Proposed Defenses
● Hardware-based○ Microphone enhancement○ Inaudible voice command cancellation
● Software-based○ Distinguish modulated voice commands and
genuine ones using machine learning (e.g. SVM)
![Page 51: DolphinAttack: Inaudible Voice Commandscs261/fa18/presentations/... · 2018. 11. 7. · DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,](https://reader035.vdocuments.site/reader035/viewer/2022081410/609e1c5fcabc4c52b66c1db9/html5/thumbnails/51.jpg)
Thank you!Questions?