EchoAttack: Practical Inaudible Attacks To Smart Earbuds

Recent years have shown substantial interest in revealing vulnerability issues of voice-controllable systems on smartphones and smart speakers. While significant prior works have leveraged inaudible signals to attack these smart devices, smart earbuds present unique challenges and vulnerabilities due to their extreme hardware constraints. In this paper, we present EchoAttack, a practical inaudible attack system for smart earbuds. The primary innovation of EchoAttack is the ability to leverage both indirect and direct paths to attack smart earbuds. To search for the optimal path, we design a path-searching algorithm based on the attenuation model of ultrasound. We also propose a novel approach to remove harmonics noise, which improves the attacking signal's SNR further. Finally, we propose using Zigbee radios to sniff the Bluetooth signal and enable a hidden feedback channel without the victim's awareness. We implement the EchoAttack prototype using off-the-shelf hardware components and evaluate the prototypes in four typical indoor and outdoor scenarios using six smart earbuds. Experimental results show that EchoAttack outperforms the pure direct-path attack by 75.8% on average in terms of attack success rate.

[1]  Nanyang Technological University,et al.  A Comprehensive Survey on Pretrained Foundation Models: A History from BERT to ChatGPT , 2023, ArXiv.

[2]  Qiben Yan,et al.  SPECPATCH: Human-In-The-Loop Adversarial Audio Spectrogram Patch Attack on Speech Recognition , 2022, CCS.

[3]  Shyamnath Gollakota,et al.  Inner-ear cochlea testing with earphones , 2022, ACM SIGMOBILE International Conference on Mobile Systems, Applications, and Services.

[4]  Qiben Yan,et al.  NEC: Speaker Selective Cancellation via Neural Enhanced Ultrasound Shadowing , 2022, 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[5]  Qiben Yan,et al.  SUPERVOICE: Text-Independent Speaker Verification Using Ultrasound Energy in Human Speech , 2022, AsiaCCS.

[6]  U. Roedig,et al.  Personal Voice Assistant Security and Privacy—A Survey , 2022, Proceedings of the IEEE.

[7]  Wenyuan Xu,et al.  A Survey on Voice Assistant Security: Attacks and Countermeasures , 2022, ACM Comput. Surv..

[8]  Qiben Yan,et al.  GhostTalk: Interactive Attack on Smartphone Voice System Through Power Line , 2022, NDSS.

[9]  Jian Liu,et al.  BioFace-3D: continuous 3d facial reconstruction through lightweight single-ear biosensors , 2021, MobiCom.

[10]  S. Haddad,et al.  Earbud-Embedded Micro-Power mm-Sized Optical Sensor for Accurate Heart Beat Monitoring , 2021, IEEE Sensors Journal.

[11]  Charles J. Carver,et al.  FaceSense , 2021, Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies.

[12]  Cecilia Mascolo,et al.  EarGate: gait-based user identification with in-ear microphones , 2021, MobiCom.

[13]  Romit Roy Choudhury,et al.  Personalizing head related transfer functions for earables , 2021, SIGCOMM.

[14]  Zhanpeng Jin,et al.  Voice In Ear , 2021, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[15]  Romit Roy Choudhury,et al.  Earable Computing: A New Area to Think About , 2021, HotMobile.

[16]  Yunhao Liu,et al.  Patronus: preventing unauthorized speech recordings with support for selective unscrambling , 2020, SenSys.

[17]  Yunhao Liu,et al.  Patronus , 2020, Proceedings of the 18th Conference on Embedded Networked Sensor Systems.

[18]  Thomas J. Sargent,et al.  SciPy , 2020, Learning Scientific Programming with Python.

[19]  Tsvetelina Mladenova Open-source ERP systems: an overview , 2020, 2020 International Conference Automatics and Informatics (ICAI).

[20]  Romit Roy Choudhury,et al.  EarSense: earphones as a teeth activity sensor , 2020, MobiCom.

[21]  Romit Roy Choudhury,et al.  Ear-AR: indoor acoustic augmented reality on earphones , 2020, MobiCom.

[22]  Jian Mao,et al.  Watchdog: Detecting Ultrasonic-Based Inaudible Voice Attacks to Smart Home Systems , 2020, IEEE Internet of Things Journal.

[23]  Yunhao Liu,et al.  BlueDoor: breaking the secure information flow via BLE vulnerability , 2020, MobiSys.

[24]  Wei Sun,et al.  EarEcho , 2019, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[25]  Xinbing Wang,et al.  Canceling Inaudible Voice Commands Against Voice Control Systems , 2019, MobiCom.

[26]  Chenshu Wu,et al.  A Survey on Bluetooth 5.0 and Mesh , 2019, ACM Trans. Sens. Networks.

[27]  Wenyuan Xu,et al.  NAuth: Secure Face-to-Face Device Authentication via Nonlinearity , 2019, IEEE INFOCOM 2019 - IEEE Conference on Computer Communications.

[28]  Ting Wang,et al.  SirenAttack: Generating Adversarial Audio for End-to-End Acoustic Systems , 2019, AsiaCCS.

[29]  Yula C Serpanos,et al.  Accuracy of Smartphone Self-Hearing Test Applications Across Frequencies and Earphone Styles in Adults. , 2018, American journal of audiology.

[30]  John R. Hershey,et al.  VoiceFilter: Targeted Voice Separation by Speaker-Conditioned Spectrogram Masking , 2018, INTERSPEECH.

[31]  Renaud Seguier,et al.  HRTF Individualization: A Survey , 2018, ArXiv.

[32]  Christian Poellabauer,et al.  An Overview of Vulnerabilities of Voice Controlled Systems , 2018, ArXiv.

[33]  Wenyuan Xu,et al.  DolphinAttack: Inaudible Voice Commands , 2017, CCS.

[34]  Romit Roy Choudhury,et al.  BackDoor: Making Microphones Hear Inaudible Sounds , 2017, MobiSys.

[35]  Kang G. Shin,et al.  Continuous Authentication for Voice Assistants , 2017, MobiCom.

[36]  Guoliang Xing,et al.  Practical Bluetooth Traffic Sniffing: Systems and Privacy Implications , 2016, MobiSys.

[37]  Kim-Phuong L. Vu,et al.  Privacy Concerns for Use of Voice Activated Personal Assistant in the Public Space , 2015, Int. J. Hum. Comput. Interact..

[38]  Vivian Genaro Motti,et al.  Users' Privacy Concerns About Wearables - Impact of Form Factor, Sensors and Type of Data Collected , 2015, Financial Cryptography Workshops.

[39]  Yunhao Liu,et al.  ZiSense: towards interference resilient duty cycling in wireless sensor networks , 2014, SenSys.

[40]  Thiemo Voigt,et al.  SoNIC: Classifying interference in 802.15.4 sensor networks , 2013, 2013 ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN).

[41]  Pedro F. Miret,et al.  Wikipedia , 2008, Monatsschrift für Deutsches Recht.

[42]  Jody Kreiman,et al.  Perceptual interaction of the harmonic source and noise in voice. , 2012, The Journal of the Acoustical Society of America.

[43]  Guoliang Xing,et al.  ZiFi: wireless LAN discovery via ZigBee interference signatures , 2010, MobiCom.

[44]  Frances Y. Kuo,et al.  Constructing Sobol Sequences with Better Two-Dimensional Projections , 2008, SIAM J. Sci. Comput..

[45]  N. Golmie,et al.  Bluetooth adaptive frequency hopping and scheduling , 2003, IEEE Military Communications Conference, 2003. MILCOM 2003..

[46]  D. Hutchins,et al.  Ultrasonic propagation in various gases at elevated pressures , 2003 .

[47]  Chatschik Bisdikian,et al.  An overview of the Bluetooth wireless technology , 2001, IEEE Commun. Mag..

[48]  Kui Ren,et al.  Secure User Verification and Continuous Authentication Via Earphone IMU , 2022, IEEE Transactions on Mobile Computing.

[49]  Guoming Zhang,et al.  EarArray: Defending against DolphinAttack via Acoustic Attenuation , 2021, NDSS.

[50]  Charles J. Carver,et al.  FaceSense: Sensing Face Touch with an Ear-worn System , 2021, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[51]  Zimu,et al.  Institutional Knowledge at Singapore Management University Institutional Knowledge at Singapore Management University A survey on bluetooth 5.0 and mesh: New milestones of IoT A survey on bluetooth 5.0 and mesh: New milestones of IoT , 2020 .

[52]  Tao Chen,et al.  Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems , 2020, NDSS.

[53]  Hanqing Guo,et al.  SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves , 2020, NDSS.

[54]  Ke Sun,et al.  "Alexa, stop spying on me!": speech privacy protection against voice assistants , 2020, SenSys.

[55]  Romit Roy Choudhury,et al.  Inaudible Voice Commands: The Long-Range Attack and Defense , 2018, NSDI.

[56]  Abdellah Touhafi,et al.  MEMS microphones for wireless applications , 2017 .

[57]  Jingjie Sun,et al.  Audio power amplifier design , 2011 .

[58]  Sinem Coleri Ergen,et al.  ZigBee/IEEE 802.15.4 Summary , 2004 .

[59]  F. Mechel Reflection of Sound , 2004 .

[60]  Sung Gyoo Park Medicine and Science in Sports and Exercise , 1981 .

[61]  John S. Rigden,et al.  Physics and the sound of music , 1977 .