Bookmarked CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition

It seems sharing play-lists is no longer an innocent behaviour, nor is playing YouTube with the sound on in the presence of automated speech recognition like Google’s, Amazon’s and Apple’s cloud connected microphones in your living room. “CommanderSongs can be spread through Internet (e.g., YouTube) and radio.

The easiest mitigation of course is not having such microphones in your home in the first place. Another is running your own ASR with your 95% standard commands localized in the device. Edge first like Candle proposes, not cloud first.

The popularity of ASR (automatic speech recognition) systems, like Google Voice, Cortana, brings in security concerns, as demonstrated by recent attacks.
The impacts of such threats, however, are less clear, since they are either
less stealthy (producing noise-like voice commands) or requiring the physical
presence of an attack device (using ultrasound). In this paper, we demonstrate
that not only are more practical and surreptitious attacks feasible but they
can even be automatically constructed. Specifically, we find that the voice
commands can be stealthily embedded into songs, which, when played, can
effectively control the target system through ASR without being noticed. For
this purpose, we developed novel techniques that address a key technical
challenge: integrating the commands into a song in a way that can be
effectively recognized by ASR through the air, in the presence of background
noise, while not being detected by a human listener. Our research shows that
this can be done automatically against real world ASR applications. We also
demonstrate that such CommanderSongs can be spread through Internet (e.g.,
YouTube) and radio, potentially affecting millions of ASR users. We further
present a new mitigation technique that controls this threat.

4 reactions on “

  1. Nice! No, not really. I have been tangentially following open source IoT development for some time as it pertains to ASR, home automation, etc. I cannot imagine inviting a limitless number of complete strangers into my home to observe my every word and move, yet this is the net effect of filling your home with IoT. I am resigned, however, to the reality that the vast majority of people either can’t or don’t care, and the combination of their addiction to convenience with their apathy toward privacy/self-preservation will make lots of money for lots of vendors for a long time to come. That doesn’t work for me, so I do try to monitor the evolution of open source tech alternatives which have the potential to give both the benefits and the control to users.

Comments are closed.


  • 💬 Stembestuurde gadgets en CommanderSong-aanvallen |
  • 💬 - Digging the Digital
  • 💬 |