MARCH 20, 2023 — Guenevere Chen, an associate professor in the UTSA Department of Electrical and Computer Engineering, recently published a paper on USENIX Security 2023 that demonstrates a novel inaudible voice trojan attack to exploit vulnerabilities of smart device microphones and voice assistants — like Siri, Google Assistant, Alexa or Amazon’s Echo and Microsoft Cortana — and provide defense mechanisms for users.
The researchers developed Near-Ultrasound Inaudible Trojan, or NUIT (French for “nighttime”) to study how hackers exploit speakers and attack voice assistants remotely and silently through the internet.
Chen, her doctoral student Qi Xia, and Shouhuai Xu, a professor in computer science at the University of Colorado Colorado Springs (UCCS), used NUIT to attack different types of smart devices from smart phones to smart home devices. The results of their demonstrations show that NUIT is effective in maliciously controlling the voice interfaces of popular tech products and that those tech products, despite being on the market, have vulnerabilities
"The technically interesting thing about this project is that the defense solution is simple; however, in order to get the solution, we must discover what the attack is first,” said Xu.
The most popular approach that hackers use to access devices is social engineering, Chen explained. Attackers lure individuals to install malicious apps, visit malicious websites or listen to malicious audio.
For example, an individual’s smart device becomes vulnerable once they watch a malicious YouTube video embedded with NUIT audio or video attacks, either on a laptop or mobile device. Signals can discreetly attack the microphone on the same device or infiltrate the microphone via speakers from other devices such as laptops, vehicle audio systems, and smart home devices.
“If you play YouTube on your smart TV, that smart TV has a speaker, right? The sound of NUIT malicious commands will become inaudible, and it can attack your cell phone too and communicate with your Google Assistant or Alexa devices. It can even happen in Zooms during meetings. If someone unmutes themselves, they can embed the attack signal to hack your phone that’s placed next to your computer during the meeting,” Chen explained.
Once they have unauthorized access to a device, hackers can send inaudible action commands to reduce a device’s volume and prevent a voice assistant’s response from being heard by the user before proceeding with further attacks. The speaker must be above a certain noise level to successfully allow an attack, Chen noted, while to wage a successful attack against voice assistant devices, the length of malicious commands must be below 77 milliseconds (or 0.77 seconds).
“This is not only a software issue or malware. It’s a hardware attack that uses the internet. The vulnerability is the nonlinearity of the microphone design, which the manufacturer would need to address,” Chen said. “Out of the 17 smart devices we tested, Apple Siri devices need to steal the user’s voice while other voice assistant devices can get activated by using any voice or a robot voice.”
NUIT can silence Siri’s response to achieve an unnoticeable attack as the iPhone’s volume of the response and the volume of the media are separately controlled. With these vulnerabilities identified, Chen and team are offering potential lines of defense for consumers. Awareness is the best defense, the UTSA researcher says. Chen recommends users authenticate their voice assistants and exercise caution when they are clicking links and grant microphone permissions.
She also advises the use of earphones in lieu of speakers.
“If you don’t use the speaker to broadcast sound, you’re less likely to get attacked by NUIT. Using earphones sets a limitation where the sound from earphones is too low to transmit to the microphone. If the microphone cannot receive the inaudible malicious command, the underlying voice assistant can’t be maliciously activated by NUIT,” Chen explained.
Research toward the development of NUIT was partially funded by a grant from the Department of Energy National Nuclear Security Administration’s (NNSA) Minority Serving Institutions Partnership Program (MSIPP). The $5 million grant supports research by the Consortium On National Critical Infrastructure Security (CONCISE) and allows the creation of certification related to leveraging Artificial Intelligence (AI) and block-chain technology to enhance critical infrastructure cybersecurity posture.
UTSA is a nationally recognized leader in cybersecurity. It is one of few colleges or universities in the nation – and the only Hispanic Serving Institution – to have three National Centers of Academic Excellence designations from the U.S. Department of Homeland Security and National Security Agency.
Additionally, the university is home to five cybersecurity research centers and institutes— the Cybersecurity Manufacturing Innovation Institute, the National Security Collaboration Center, the Institute for Cyber Security, the Center for Infrastructure Assurance and Security and the Cyber Center for Security and Analytics.
UCCS has a uniquely integrated campus cybersecurity model and is considered the center of cybersecurity education for the University of Colorado system. The university is primed to meet the cybersecurity needs of our nation, from education and research partnerships to developing the cybersecurity workforce of the future.
UTSA Today is produced by University Communications and Marketing, the official news source of The University of Texas at San Antonio. Send your feedback to news@utsa.edu. Keep up-to-date on UTSA news by visiting UTSA Today. Connect with UTSA online at Facebook, Twitter, Youtube and Instagram.
In this hands-on workshop, participants will learn to setup an EndNote library, save references and PDFs, and automatically create and edit a bibliography. Attendees are encouraged, but not required, to have EndNote already installed on a personal computer.
Virtual EventJoin this annual community celebration of Mexico’s independence sponsored by the Avenida Guadalupe Association. UTSA’s Westside Community Center—located at the parade’s starting location at Guadalupe and Brazos Streets—will be open to visitors for the duration of the event.
UTSA Westside Community Center, 1310 Guadalupe St, San Antonio, TX 78207Don’t mind the writing but hate formatting citations and bibliographies? Working on your thesis or dissertation, or even a long paper this semester? Citation managers such as Zotero® can help you store and organize the citations you find during your research. Take part in this session about using Zotero®.
Virtual EventDid you know the library offers much more than books and study spaces? Our librarians can also support your research and publishing and strengthen your instruction. Join us for a one-hour workshop about all that UTSA Libraries offers.
Virtual EventAre you interested in learning more about incorporating digital methods into your research? This workshop will introduce you to approaches and tools that can help support your research. Through hands-on activities, you will learn about text analysis and digital mapping and how these methods can enrich your projects.
Group Spot B, 2.01.22, John Peace LibraryLearn to use the simple but powerful features of EndNote®, a citation management tool. In this hands-on workshop, participants will learn to setup an EndNote library, save references and PDFs, and automatically create and edit a bibliography.
Virtual EventAproduction of the Gudalupe Cultural Arts Center, Rio Bravo showcases the vibrant music and dance traditions of the Texas-Mexico border region. Featuring the Guadalupe Dance Company and Mariachi Azteca de América, the performances will be filmed live both nights, courtesy of UTSA's College of Liberal and Fine Arts.
UTSA Downtown CampusThe University of Texas at San Antonio is dedicated to the advancement of knowledge through research and discovery, teaching and learning, community engagement and public service. As an institution of access and excellence, UTSA embraces multicultural traditions and serves as a center for intellectual and creative resources as well as a catalyst for socioeconomic development and the commercialization of intellectual property - for Texas, the nation and the world.
To be a premier public research university, providing access to educational excellence and preparing citizen leaders for the global environment.
We encourage an environment of dialogue and discovery, where integrity, excellence, inclusiveness, respect, collaboration and innovation are fostered.
UTSA is a proud Hispanic Serving Institution (HSI) as designated by the U.S. Department of Education .
The University of Texas at San Antonio, a Hispanic Serving Institution situated in a global city that has been a crossroads of peoples and cultures for centuries, values diversity and inclusion in all aspects of university life. As an institution expressly founded to advance the education of Mexican Americans and other underserved communities, our university is committed to promoting access for all. UTSA, a premier public research university, fosters academic excellence through a community of dialogue, discovery and innovation that embraces the uniqueness of each voice.