Title: Synthetic Speech Based Security Attacks Against Voice Assistants and Defenses

Zhengxian He

Computer Science PhD Student

School of Cybersecurity and Privacy

Georgia Institute of Technology

Date: Friday, April 12th, 2024

Time:  11:00 AM – 12:00 PM (EDT)

Location(in-person): CODA  C1006 West End

Zoom: https://gatech.zoom.us/j/98907317385?pwd=SHJ5OXRHL25lMVVuR3h1QzdCS2Fadz09&from=addon

Committee:

Dr. Mustaque Ahamad (Advisor), School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Alexandra Boldyreva, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Saman Zonouz, School of Cybersecurity and Privacy, Georgia Institute of Technology

Abstract:

Voice assistants, such as Amazon Alexa and Google Home, have become increasingly popular in both home and enterprise environments. While these devices offer convenience and enable a wide range of applications, their proliferation also introduces new security concerns. Researchers have demonstrated various attacks that can compromise voice assistants by issuing unauthorized voice commands. This proposal focuses on investigating the security risks associated with voice assistants and developing defenses against synthetic speech attacks and their use for data exfiltration.

In this proposal, I will first present our findings on the feasibility and impact of synthetic speech attacks on voice assistant applications. We use a unit-selection method to generate synthetic voice commands that mimic a victim’s voice using minimal training data. Our experiments against Amazon Alexa demonstrate that these attacks can effectively bypass defenses that check command source voice similarity with authorized users. Next, I will discuss our work on voice-based data exfiltration via compromised computers that are in the vicinity of voice assistants. We showed that malware on an infected computer could encode sensitive data into audio and use nearby voice assistants to stealthily transmit the data over a phone channel, bypassing network defenses. We characterized the bandwidth and accuracy of this exfiltration channel under various conditions and identified its key limiting factors.

Motivated by these findings, I will outline my remaining work, which aims to develop effective defenses against synthetic speech attacks on voice assistants. The key challenge is to accurately detect synthetic speech with low false positives while preserving usability for legitimate users. Our approach plans to leverage deep learning-based audio spoofing countermeasures and will adapt them to the specific context of voice assistants.