受损的电脑遇到语音助手:秘密地通过电话语音窃取数据

2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) Pub Date : 2021-06-01 DOI:10.1109/DSN48987.2021.00061

Zhengxian He, M. Rajput, M. Ahamad

{"title":"受损的电脑遇到语音助手:秘密地通过电话语音窃取数据","authors":"Zhengxian He, M. Rajput, M. Ahamad","doi":"10.1109/DSN48987.2021.00061","DOIUrl":null,"url":null,"abstract":"New security concerns arise due to the growing popularity of voice assistants (VA) in home and enterprise networks. We explore how malware infected computers can encode sensitive data into audio and leverage nearby VAs to exfiltrate it. Such low cost attacks can be launched remotely, at scale, and can bypass network defenses. By using Dual-Tone Multi-Frequency tones to encode data into audio that is played over ordinary computer speakers, modest amounts of data (e.g., a kilobyte) can be transmitted with a phone call lasting a few minutes. This can be done while making the audio nearly inaudible for most people. With the help of a prototype built by us, we experimentally assess the impact of several factors that impact data transfer rates and transmission accuracy achieved by such attacks. Our results show that voice assistants in the vicinity of computers can pose new threats to data stored on them.","PeriodicalId":222512,"journal":{"name":"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"92 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Compromised Computers Meet Voice Assistants: Stealthily Exfiltrating Data as Voice over Telephony\",\"authors\":\"Zhengxian He, M. Rajput, M. Ahamad\",\"doi\":\"10.1109/DSN48987.2021.00061\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"New security concerns arise due to the growing popularity of voice assistants (VA) in home and enterprise networks. We explore how malware infected computers can encode sensitive data into audio and leverage nearby VAs to exfiltrate it. Such low cost attacks can be launched remotely, at scale, and can bypass network defenses. By using Dual-Tone Multi-Frequency tones to encode data into audio that is played over ordinary computer speakers, modest amounts of data (e.g., a kilobyte) can be transmitted with a phone call lasting a few minutes. This can be done while making the audio nearly inaudible for most people. With the help of a prototype built by us, we experimentally assess the impact of several factors that impact data transfer rates and transmission accuracy achieved by such attacks. Our results show that voice assistants in the vicinity of computers can pose new threats to data stored on them.\",\"PeriodicalId\":222512,\"journal\":{\"name\":\"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)\",\"volume\":\"92 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DSN48987.2021.00061\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN48987.2021.00061","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

由于语音助手(VA)在家庭和企业网络中的日益普及，出现了新的安全问题。我们探索恶意软件感染的计算机如何将敏感数据编码为音频，并利用附近的虚拟机来泄漏它。这种低成本的攻击可以远程、大规模地发起，并且可以绕过网络防御。通过使用双音多频音调将数据编码成音频，在普通的计算机扬声器上播放，一个持续几分钟的电话可以传输适量的数据(例如，千字节)。这可以在大多数人几乎听不到音频的情况下完成。在我们构建的原型的帮助下，我们实验评估了影响此类攻击实现的数据传输速率和传输精度的几个因素的影响。我们的研究结果表明，计算机附近的语音助手可能会对存储在计算机上的数据构成新的威胁。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Compromised Computers Meet Voice Assistants: Stealthily Exfiltrating Data as Voice over Telephony

New security concerns arise due to the growing popularity of voice assistants (VA) in home and enterprise networks. We explore how malware infected computers can encode sensitive data into audio and leverage nearby VAs to exfiltrate it. Such low cost attacks can be launched remotely, at scale, and can bypass network defenses. By using Dual-Tone Multi-Frequency tones to encode data into audio that is played over ordinary computer speakers, modest amounts of data (e.g., a kilobyte) can be transmitted with a phone call lasting a few minutes. This can be done while making the audio nearly inaudible for most people. With the help of a prototype built by us, we experimentally assess the impact of several factors that impact data transfer rates and transmission accuracy achieved by such attacks. Our results show that voice assistants in the vicinity of computers can pose new threats to data stored on them.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

自引率

0.00%

发文量