Bowen is from The Temple of Convi
Qubits | Official account QbitAI
Go and adjust the air conditioner temperature to 40 °C.
Good.
This is a self-question and answer from the same smart speaker, but the thing to do is to attack yourself:
Random dialing, opening doors autonomously, taking the owner's account to shop on Amazon, adjusting the temperature of the air conditioner to a number with a fatality explosion...
This "self-blackener" is Amazon's smart speaker Amazon Echo, of course, not some AI-related intelligence crisis.
The real "behind the scenes" is a research team from the UK and Italy.
They remotely hack into smart speakers and let smart speakers spontaneously issue malicious instructions to themselves through technical means.
Among the malicious instructions, the success rate of random dialing numbers is 73%, the success rate of modifying the calendar time is 88%, the success rate of controlling smart light switches is 93%, and even 100% of the purchase of any product on Amazon...
It can only be said that this wave of self-black is really strong.
Three vulnerabilities led to the success of "self-blackening"
So, how exactly did the researchers make the Echo speaker "self-blackening"?
This stems from three vulnerabilities in echo speakers:
A vulnerability for spontaneous commands: Echo speakers can recognize audio files played by this device and analyze and execute the voice commands contained in the audio files, Full Volume: It is possible to double the recognition rate of spontaneous commands on average Break Tag Chain: Some sensitive commands require users to respond continuously for a short period of time (8 seconds), otherwise the command will not be executed, but this vulnerability can extend the time to more than 1 hour, so that the device can be controlled for a long time
These vulnerabilities make it possible for hackers to remotely manipulate Echo speakers and force them to take spontaneous commands.
Even some sensitive commands that require verbal confirmation can continue smoothly by adding the word "YES" about 6 seconds after the command is issued.
There are several ways to manipulate the speaker: you can connect to Bluetooth, you can convert text to synthesized speech through Speech Synthesis Markup Language (SSML), and you can perform a malicious attack on the cloud host to tune the Echo speaker to the radio station that plays the command.
The Echo can then be tested to perform any permissible action through an attack method called AvA (Alexa versus Alexa).
(where Alexa is the evoking word for echo speakers)
The specific attack flow is shown in the following figure:
0.1, 0.2, 1.1, 1.2: Malware sends a command
2: Echo speakers issue commands by themselves
3: Resolve via Address Validation Service (AVS).
4, 5: If the command requires the use of external skills, the address verification service will communicate with the relevant server
6: Return the parsed information to the Echo speaker
In this way, you can edit the commands issued by the Echo speaker at will.
For example, a simple addition of 10+11 equals several can forcibly correct its answer to "77":
Currently, this attack can force smart speakers to perform many malicious acts, including:
Control smart appliances to dial arbitrary phone numbers tamper with calendars and modify schedules using Amazon accounts to make unauthorized purchases allowing adversaries to extract private data: including passwords for multiple connected devices
Fortunately, researchers have reported through Amazon's vulnerability research program, which is rated moderate.
Current attacks only take effect on third- and fourth-generation Echo Dot devices, and in the updated version, these issues have been fixed, which is a welcome bonus.
About the author
There are three authors: Sergio Esposito, Daniele Sgandurra, and Giampaolo Bella.
The first two are from the Royal Holloway, University of London in the United Kingdom, and the last one is from the Università degli Studi di Catania in Italy.
Dr. Daniele Sgandurra graduated from the University of Pisa in Italy and is also a graduate of the IBM Zurich Research Laboratory Security Group.
Now he is a research assistant in the Department of Computing at Imperial College London, focusing on threat modeling for cloud environments and malware analysis.
Thesis: https://arxiv.org/abs/2202.08619
参考链接:[1]https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/?comments=1[2]https://www.youtube.com/watch?v=t-203SV_Eg8
![After walking through the | 2021, behind those warm moments is the sense of responsibility and values of the fashion industry[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)