This paper presents a novel attack on voice-controlled digital assistants using nonsensical word sequences. We present the results of experimental work which demonstrates that it is possible for malicious actors to gain covert access to a voice-controlled system by hiding commands in apparently nonsensical sounds of which the meaning is opaque to humans. Several instances of nonsensical word sequences were identified which triggered a target command in a voice-controlled digital assistant, but which were incomprehensible to humans, as shown in tests with human experimental subjects. Our work confirms the potential for hiding malicious voice commands to voice-controlled digital assistants or other speech-controlled devices in speech sounds which are perceived by humans as nonsensical.
@article{arxiv.1808.01947,
title = {Nonsense Attacks on Google Assistant},
author = {Mary K. Bispham and Ioannis Agrafiotis and Michael Goldsmith},
journal= {arXiv preprint arXiv:1808.01947},
year = {2018}
}