Silent commands can be used to hack Alexa, Siri or Google Assistant

Silent commands can be used to hack Alexa, Siri or Google Assistant
Photo Credit: Reuters
11 May, 2018

Smart devices such as Apple’s Siri, Amazon’s Alexa and Google’s Assistant can be controlled by hidden commands not detectable by the human ear, a report in The New York Times stated, citing a paper by researchers from University of California, Berkeley.

In 2016, students from Berkeley University and Georgetown University showed that they could hide commands in music videos from YouTube in the form of white noise. These commands could then be relayed to smart devices that would, without a user’s knowledge, open a website or turn on a smartphone in airplane mode, the NYT report said.

In the paper they published this month, the researchers found that such inaudible commands can now be embedded into music recordings and spoken text, which in contrast to white noise, is more difficult to detect, the report added. The researchers were able to show that the Echo or Google Home device sitting on a table in a home could add an item to a user’s shopping list without their knowledge.

This vulnerability poses a larger risk as such silent commands can be used for larger attacks such as wiring money illegally or unlocking doors remotely.

“We wanted to see if we could make it even more stealthy,” Nicholas Carlini, a fifth-year Ph.D. student in computer security at UCBerkeley and one of the paper’s authors, was quoted as telling NYT. He added that though there is no evidence that the technology has left the lab, it is only a matter of time before hackers figure it out themselves and cash in on the vulnerabilities.

On the other hand, Google and Amazon have been fighting a heady battle on the digital assistant front and there has been an unprecedented proliferation of devices with smart assistants in India and globally. While the companies have been making a pitch for smart use-cases with the assistants pushing consumers towards the delight of visual and voice computing, industry analysts claim that most of these moves are based on getting more behavioural data or patterns.

“Talking to a human-like person or character is easier than a company trying to first figure out a local language keyboard and then teaching people how to use it. Think of people who don't know how to write. Wouldn't it be easier for them to just converse? And since they don't interact with Google or its assistant now because of their inability to write, the company has no data on them. It would like to add some perspective or behavioural data on these kinds of users," Pavel Naiya, senior analyst at Counterpoint Research, explained.

At its annual developer conference earlier this week, Google said that the Assistant, rolled out just three years back, can now be accessed on 500 million devices across 30 languages in 80 countries. The company had also said that the Assistant is also available in over 40 car brands and 5,000 connected devices.

In contrast, Amazon's Alexa is believed to be available across 4,000 connected devices. However, surveys released last year claim that Alexa has a clear lead over Google. According to a report from Emarketer released in May last year, Amazon dominates the voice-controlled speaker market. It had 70.6% of all voice-enabled speaker users in the US compared to 23.8% captured by Google Home.

Another report from VoiceLabs published in January last year also ranked Alexa as the leading AI voice in terms of market share. Survey data from Edison Research released last June found that Amazon Alexa-enabled devices had 82% market share compared to just 18% for Google Home.