The ad was canceled after viewers started editing the Wikipedia page to comic effect.Ī few months later, the animated series South Park followed up with an entire episode built around voice commands that caused viewers’ voice-recognition assistants to parrot adolescent obscenities.
Last year, Burger King caused a stir with an online ad that purposely asked ‘O.K., Google, what is the Whopper burger?” Android devices with voice-enabled search would respond by reading from the Whopper’s Wikipedia page. There is already a history of smart devices being exploited for commercial gains through spoken commands. Yet many people leave their smartphones unlocked, and, at least for now, voice recognition systems are notoriously easy to fool. Both companies’ assistants employ voice recognition technology to prevent devices from acting on certain commands unless they recognize the user’s voice.Īpple said its smart speaker, HomePod, is designed to prevent commands from doing things like unlocking doors, and it noted that iPhones and iPads must be unlocked before Siri will act on commands that access sensitive data or open apps and websites, among other measures. Google said security is an ongoing focus and that its Assistant has features to mitigate undetectable audio commands. By making slight changes to audio files, researchers were able to cancel out the sound that the speech recognition system was supposed to hear and replace it with a sound that would be transcribed differently by machines while being nearly undetectable to the human ear.Īmazon said that it doesn’t disclose specific security measures, but it has taken steps to ensure its Echo smart speaker is secure. Speech recognition systems typically translate each sound to a letter, eventually compiling those into words and phrases.
With audio attacks, the researchers are exploiting the gap between human and machine speech recognition. Computers can be fooled into identifying an airplane as a cat just by changing a few pixels of a digital image, while researchers can make a self-driving car swerve or speed up simply by pasting small stickers on road signs and confusing the vehicle’s computer vision system. These deceptions illustrate how artificial intelligence - even as it is making great strides - can still be tricked and manipulated. “My assumption is that the malicious people already employ people to do what I do,” he said. Carlini added that while there was no evidence that these techniques have left the lab, it may only be a matter of time before someone starts exploiting them. “We wanted to see if we could make it even more stealthy,” said Nicholas Carlini, a fifth-year Ph.D. So while a human listener hears someone talking or an orchestra playing, Amazon’s Echo speaker might hear an instruction to add something to your shopping list. This month, some of those Berkeley researchers published a research paper that went further, saying they could embed commands directly into recordings of music or spoken text. In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online - simply with music playing over the radio.Ī group of students from University of California, Berkeley, and Georgetown University showed in 2016 that they could hide commands in white noise played over loudspeakers and through YouTube videos to get smart devices to turn on airplane mode or open a website. Inside university labs, the researchers have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites. Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant.
But someone else might be secretly talking to them, too. Many people have grown accustomed to talking to their smart devices, asking them to read a text, play a song or set an alarm.