Yangyong Zhang (Texas A&M University), Lei Xu (Texas A&M University), Abner Mendoza (Texas A&M University), Guangliang Yang (Texas A&M University), Phakpoom Chinprutthiwong (Texas A&M University), Guofei Gu (Texas A&M University)

Popular Voice Assistant (VA) services such as Amazon Alexa and Google Assistant are now rapidly appifying their platforms to allow more flexible and diverse voice-controlled service experience. However, the ubiquitous deployment of VA devices and the increasing number of third-party applications have raised security and privacy concerns. While previous works such as hidden voice attacks mostly examine the problems of VA services’ default Automatic Speech Recognition (ASR)
component, our work analyzes and evaluates the security of the succeeding component after ASR, i.e., Natural Language Understanding (NLU), which performs semantic interpretation (i.e., text-to-intent) after ASR’s acoustic-to-text processing. In particular, we focus on NLU’s Intent Classifier which is used in customizing machine understanding for third-party VA Applications (or vApps). We find that the semantic inconsistency caused by the improper semantic interpretation of an Intent Classifier can create the opportunity of breaching the integrity of vApp processing when attackers delicately leverage some common spoken errors.

In this paper, we design the first linguistic-model-guided fuzzing tool, named LipFuzzer, to assess the security of Intent Classifier and systematically discover potential misinterpretation-prone spoken errors based on vApps’ voice command templates. To guide the fuzzing, we construct adversarial linguistic models with the help of Statistical Relational Learning (SRL) and emerging Natural Language Processing (NLP) techniques. In evaluation, we have successfully verified the effectiveness and accuracy of LipFuzzer. We also use LipFuzzer to evaluate both Amazon Alexa and Google Assistant vApp platforms. We have identified that a large portion of real-world vApps
are vulnerable based on our fuzzing result.

View More Papers

How Bad Can It Git? Characterizing Secret Leakage in...

Michael Meli (North Carolina State University), Matthew R. McNiece (Cisco Systems and North Carolina State University), Bradley Reaves (North Carolina State University)

Read More

The use of TLS in Censorship Circumvention

Sergey Frolov (University of Colorado Boulder), Eric Wustrow (University of Colorado Boulder)

Read More

Latex Gloves: Protecting Browser Extensions from Probing and Revelation...

Alexander Sjösten (Chalmers University of Technology), Steven Van Acker (Chalmers University of Technology), Pablo Picazo-Sanchez (Chalmers University of Technology), Andrei Sabelfeld (Chalmers University of Technology)

Read More

NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage

Wajih Ul Hassan (NEC Laboratories America, Inc.; University of Illinois at Urbana–Champaign), Shengjian Guo (Virginia Tech), Ding Li (NEC Laboratories America, Inc.), Zhengzhang Chen (NEC Laboratories America, Inc.), Kangkook Jee (NEC Laboratories America, Inc.), Zhichun Li (NEC Laboratories America, Inc.), Adam Bates (University of Illinois at Urbana–Champaign)

Read More