Abstract:
Recent studies have exposed that voice assistants can be manipulated by various voice commands without being noticed, however, existing attacks require a nearby speaker t...Show MoreMetadata
Abstract:
Recent studies have exposed that voice assistants can be manipulated by various voice commands without being noticed, however, existing attacks require a nearby speaker to play the attack commands. In this paper, we demonstrate that even without a speaker, we can use capacitors inside electronic devices to produce malicious voice commands, i.e., we convert capacitors into speakers and call it CapSpeaker. The underlying principle of CapSpeaker is the inverse piezoelectric effect, i.e., varying the voltage across a capacitor to make it vibrate and thus emit acoustic noises. Forcing capacitors to emit target voice commands is challenging because (1) capacitors’ response frequency is out of the range of audible voices. (2) We can not directly control the voltage across capacitors to manipulate their emit sounds. To overcome these challenges, we propose a PWM-based modulation scheme to embed the malicious audio onto a high-frequency carrier, e.g., above 20 kHz, and we create malware to induce the designed voltage across the capacitors such that CapSpeaker plays the chosen malicious commands. Our evaluation of 7 commercial devices demonstrates that CapSpeaker is feasible to inject voice commands, e.g., ”open the door”, at a distance of up to 10.5cm.
Published in: IEEE Transactions on Dependable and Secure Computing ( Volume: 21, Issue: 4, July-Aug. 2024)