Research output per year
Research output per year
Rongjunchen Zhang, Xiao Chen, Sheng Wen, James Zheng
Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review
Voice Assistant (VAs) are increasingly popular for human-computer interaction (HCI) smartphones. To help users automatically conduct various tasks, these tools usually come with high privileges and are able to access sensitive system resources. A comprised VA is a stepping stone for attackers to hack into users’ phones. Prior work has experimentally demonstrated that VAs can be a promising attack point for HCI tools. However, the state-of-the-art approaches require ad-hoc mechanisms to activate VAs that are non-trivial to trigger in practice and are usually limited to specific mobile platforms. To mitigate the limitations faced by the state-of-the-art, we propose a novel attack approach, namely Vaspy, which crafts the users’ “activation voice” by silently listening to users’ phone calls. Once the activation voice is formed, Vaspy can select a suitable occasion to launch an attack. Vaspy embodies a machine learning model that learns suitable attacking times to prevent the attack from being noticed by the user. We implement a proof-of-concept spyware and test it on a range of popular Android phones. The experimental results demonstrate that this approach can silently craft the activation voice of the users and launch attacks. In the wrong hands, a technique like Vaspy can enable automated attacks to HCI tools. By raising awareness, we urge the community and manufacturers to revisit the risks of VAs and subsequently revise the activation logic to be resilient to the style of attacks proposed in this work.
Original language | English |
---|---|
Title of host publication | Machine Learning for Cyber Security |
Subtitle of host publication | Second International Conference, ML4CS 2019 Xi’an, China, September 19–21, 2019 Proceedings |
Editors | Xiaofeng Chen, Xinyi Huang, Jun Zhang |
Place of Publication | Cham Switzerland |
Publisher | Springer |
Pages | 378-396 |
Number of pages | 19 |
ISBN (Electronic) | 9783030306199 |
ISBN (Print) | 9783030306182 |
DOIs | |
Publication status | Published - 2019 |
Externally published | Yes |
Event | International Conference on Machine Learning for Cyber Security 2019 - Xi'an, China Duration: 19 Sept 2019 → 21 Sept 2019 Conference number: 2nd https://link.springer.com/book/10.1007/978-3-030-30619-9 (Proceedings) |
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
Volume | 11806 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference | International Conference on Machine Learning for Cyber Security 2019 |
---|---|
Abbreviated title | ML4CS 2019 |
Country/Territory | China |
City | Xi'an |
Period | 19/09/19 → 21/09/19 |
Internet address |
|
Research output: Contribution to journal › Article › Other › peer-review