Rutgers Professor creates app to protect virtual assistants from hacking


Newswise – Before virtual assistants like Amazon’s Alexa and Google Assistant became ubiquitous household technologies, thieves had to gain physical access to a home in order to cause damage. Now all they need is their voice.

Voice assistants based on artificial intelligence have a not-so-secret vulnerability: they can be hacked with audible cues, ambient noise, or even ultrasound, allowing sensitive personal information like credit card numbers and passwords to be stolen. Yingying Chen, a Rutgers professor of electrical and computer engineering, has developed an application called WearID to fix these exploits.

“We’re a long way from that The glowwhen it took brute force to hurt someone,” Chen said. “In the digital age, you can analyze people’s lives and access their most important information just by speaking behind a closed door.”

Since 2020, Chen and her colleagues Yan Wang of Temple University and Nitesh Saxena of Texas A&M University have been developing a user authentication framework that captures human voice patterns in the vibration domain and uses them as identity tokens to verify spoken commands given to a virtual user Assistant.

The WearID solution works like this: When someone gives a command to a voice assistant, the WearID app installed on the user’s smartphone or wearable uses the device’s accelerometer to capture the vibration characteristics of the person speaking and compares them to that from the microphone of the user Audio recorded by voice assistants.

If a legitimate user gave the command, the spectral pattern between the vibration and audio domains is similar. If the pattern doesn’t match, the voice assistant ignores the prompt.

Chen is working with Rutgers to patent the technology and industry leaders from Silicon Valley to bring WearID to market. She hopes to have the app available for download sometime next year.

“Because it’s a software solution that doesn’t require any backend hardware, it should be easy to implement,” she said.

“As internet-connected devices become more popular and voice prompts become a more common form of interaction, user verification technology becomes even more important,” Chen said. Current vulnerabilities mean that attackers could theoretically hack inexpensive household devices (e.g. an internet-enabled television) and use them to issue commands to manipulate security-critical systems – e.g. B. a smart lock on a front door. WearID aims to close these loopholes.

“Manufacturers developing ‘smart’ home appliances and other devices are more focused on how to make those devices user-friendly than on security and privacy,” she said. “That’s why we think it’s important to use a combination of smart devices to defend against potential enemy attacks.”


About Author

Comments are closed.