The growing adoption of voice-enabled devices (e.g., smart speakers), particularly in smart home environments, has introduced many security vulnerabilities that pose significant threats to users' privacy and safety. When multiple devices are connected to a voice assistant, an attacker can cause serious damage if they can gain control of these devices. We ask where and how can an attacker issue clean voice commands stealthily across a physical barrier, and perform the first academic measurement study of this nature on the command injection attack. We present the BarrierBypass attack that can be launched against three different barrier-based scenarios termed across-door, across-window, and across-wall. We conduct a broad set of experiments to observe the command injection attack success rates for multiple speaker samples (TTS and live human recorded) at different command audio volumes (65, 75, 85 dB), and smart speaker locations (0.1-4.0m from barrier). Against Amazon Echo Dot 2, BarrierBypass is able to achieve 100% wake word and command injection success for the across-wall and across-window attacks, and for the across-door attack (up to 2 meters). At 4 meters for the across-door attack, BarrierBypass can achieve 90% and 80% injection accuracy for the wake word and command, respectively. Against Google Home mini BarrierBypass is able to achieve 100% wake word injection accuracy for all attack scenarios. For command injection BarrierBypass can achieve 100% accuracy for all the three barrier settings (up to 2 meters). For the across-door attack at 4 meters, BarrierBypass can achieve 80% command injection accuracy. Further, our demonstration using drones yielded high command injection success, up to 100%. Overall, our results demonstrate the potentially devastating nature of this vulnerability to control a user's device from outside of the device's physical space.
翻译:越来越多地采用语音辅助装置(例如智能扬声器),特别是在智能家庭环境中,这带来了许多安全弱点,对用户隐私和安全构成了重大威胁。当多个装置连接到语音助理时,攻击者如果能够控制这些装置,就会造成严重损坏。我们询问攻击者在哪里和如何在物理屏障上隐蔽地发出清洁的语音指令,并在指令注射袭击中进行这种性质的第一次学术测量研究。我们展示了“屏障Bypass攻击”,可以针对三个不同的基于屏障的情景发动袭击,这些情景被称作跨门、跨窗和跨墙。我们进行了一系列广泛的精确度实验,以观察多个语音样本(TTS和现场人类记录)的指令注射成功率。如果他们能够控制这些声音数量(65、75、85 dB)和智能扬声器位置(距离屏障屏障为0.1-400米)。在亚马逊 Echo Dott 2 中,“屏障”能够达到100%的后退言和命令注射成功率,对于跨窗和跨门攻击(最高至2米),我们可以达到“2米攻击”的准确度。在100米标准值上,“地面上实现“80”的准确度。在80比“安全” 上实现“地面”命令”。