1,351 research outputs found
On the Feasibility of Acoustic Attacks Using Commodity Smart Devices
Sound at frequencies above (ultrasonic) or below (infrasonic) the range of
human hearing can, in some settings, cause adverse physiological and
psychological effects to individuals. In this paper, we investigate the
feasibility of cyber-attacks that could make smart consumer devices produce
possibly imperceptible sound at both high (17-21kHz) and low (60-100Hz)
frequencies, at the maximum available volume setting, potentially turning them
into acoustic cyber-weapons. To do so, we deploy attacks targeting different
smart devices and take sound measurements in an anechoic chamber. For
comparison, we also test possible attacks on traditional devices.
Overall, we find that many of the devices tested are capable of reproducing
frequencies within both high and low ranges, at levels exceeding those
recommended in published guidelines. Generally speaking, such attacks are often
trivial to develop and in many cases could be added to existing malware
payloads, as they may be attractive to adversaries with specific motivations or
targets. Finally, we suggest a number of countermeasures, both
platform-specific and generic ones
Survey and Systematization of Secure Device Pairing
Secure Device Pairing (SDP) schemes have been developed to facilitate secure
communications among smart devices, both personal mobile devices and Internet
of Things (IoT) devices. Comparison and assessment of SDP schemes is
troublesome, because each scheme makes different assumptions about out-of-band
channels and adversary models, and are driven by their particular use-cases. A
conceptual model that facilitates meaningful comparison among SDP schemes is
missing. We provide such a model. In this article, we survey and analyze a wide
range of SDP schemes that are described in the literature, including a number
that have been adopted as standards. A system model and consistent terminology
for SDP schemes are built on the foundation of this survey, which are then used
to classify existing SDP schemes into a taxonomy that, for the first time,
enables their meaningful comparison and analysis.The existing SDP schemes are
analyzed using this model, revealing common systemic security weaknesses among
the surveyed SDP schemes that should become priority areas for future SDP
research, such as improving the integration of privacy requirements into the
design of SDP schemes. Our results allow SDP scheme designers to create schemes
that are more easily comparable with one another, and to assist the prevention
of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications
Surveys & Tutorials 2017 (Volume: PP, Issue: 99
A Survey on Acoustic Side Channel Attacks on Keyboards
Most electronic devices utilize mechanical keyboards to receive inputs,
including sensitive information such as authentication credentials, personal
and private data, emails, plans, etc. However, these systems are susceptible to
acoustic side-channel attacks. Researchers have successfully developed methods
that can extract typed keystrokes from ambient noise. As the prevalence of
keyboard-based input systems continues to expand across various computing
platforms, and with the improvement of microphone technology, the potential
vulnerability to acoustic side-channel attacks also increases. This survey
paper thoroughly reviews existing research, explaining why such attacks are
feasible, the applicable threat models, and the methodologies employed to
launch and enhance these attacks.Comment: 22 pages, conferenc
Recommended from our members
Countering Acoustic Adversarial Attacks in Microphone-equipped Smart Home Devices
Deep neural networks (DNNs) continue to demonstrate superior generalization performance in an increasing range of applications, including speech recognition and image understanding. Recent innovations in compression algorithms, design of efficient architectures and hardware accelerators have prompted a rapid growth in deploying DNNs on mobile and IoT devices to redefine user experiences. Relying on the superior inference quality of DNNs, various voice-enabled devices have started to pervade our everyday lives and are increasingly used for, e.g., opening and closing doors, starting or stopping washing machines, ordering products online, and authenticating monetary transactions. As the popularity of these voice-enabled services increases, so does their risk of being attacked. Recently, DNNs have been shown to be extremely brittle under adversarial attacks and people with malicious intentions can potentially exploit this vulnerability to compromise DNN-based voice-enabled systems. Although some existing work already highlights the vulnerability of audio models, very little is known of the behaviour of compressed on-device audio models under adversarial attacks. This paper bridges this gap by investigating thoroughly the vulnerabilities of compressed audio DNNs and makes a stride towards making compressed models robust. In particular, we propose a stochastic compression technique that generates compressed models with greater robustness to adversarial attacks. We present an extensive set of evaluations on adversarial vulnerability and robustness of DNNs in two diverse audio recognition tasks, while considering two popular attack algorithms: FGSM and PGD. We found that error rates of conventionally trained audio DNNs under attack can be as high as 100%. Under both white- and black-box attacks, our proposed approach is found to decrease the error rate of DNNs under attack by a large margin.Noki
Security and privacy problems in voice assistant applications: A survey
Voice assistant applications have become omniscient nowadays. Two models that provide the two most important functions for real-life applications (i.e., Google Home, Amazon Alexa, Siri, etc.) are Automatic Speech Recognition (ASR) models and Speaker Identification (SI) models. According to recent studies, security and privacy threats have also emerged with the rapid development of the Internet of Things (IoT). The security issues researched include attack techniques toward machine learning models and other hardware components widely used in voice assistant applications. The privacy issues include technical-wise information stealing and policy-wise privacy breaches. The voice assistant application takes a steadily growing market share every year, but their privacy and security issues never stopped causing huge economic losses and endangering users' personal sensitive information. Thus, it is important to have a comprehensive survey to outline the categorization of the current research regarding the security and privacy problems of voice assistant applications. This paper concludes and assesses five kinds of security attacks and three types of privacy threats in the papers published in the top-tier conferences of cyber security and voice domain
- …