Our analysis of inaudible attacks on voice-activated devices confirms the alarming risk factor of 7.6 out of 10, underlining significant security vulnerabilities scored independently by NIST National Vulnerability Database (NVD). Our baseline network model showcases a scenario in which an attacker uses inaudible voice commands to gain unauthorized access to confidential information on a secured laptop. We simulated many attack scenarios on this baseline network model, revealing the potential for mass exploitation of interconnected devices to discover and own privileged information through physical access without adding new hardware or amplifying device skills. Using Microsoft's CyberBattleSim framework, we evaluated six reinforcement learning algorithms and found that Deep-Q learning with exploitation proved optimal, leading to rapid ownership of all nodes in fewer steps. Our findings underscore the critical need for understanding non-conventional networks and new cybersecurity measures in an ever-expanding digital landscape, particularly those characterized by mobile devices, voice activation, and non-linear microphones susceptible to malicious actors operating stealth attacks in the near-ultrasound or inaudible ranges. By 2024, this new attack surface might encompass more digital voice assistants than people on the planet yet offer fewer remedies than conventional patching or firmware fixes since the inaudible attacks arise inherently from the microphone design and digital signal processing.

翻译：我们对语音激活设备不可听攻击的分析确认了令人担忧的风险因子（7.6/10），突显了美国国家标准与技术研究院国家漏洞数据库独立评估的重大安全漏洞。我们的基准网络模型展示了攻击者利用不可听语音命令非法获取安全笔记本电脑上机密信息的场景。基于该基准模型模拟多种攻击场景后，揭示了通过物理访问（无需添加新硬件或提升设备能力）对互联设备进行大规模利用、发现并掌控特权信息的潜在可能。借助微软的CyberBattleSim框架评估六种强化学习算法，发现结合利用策略的深度Q学习表现最优，能以更少步骤快速攻占所有节点。研究结果强调了在持续扩张的数字环境中理解非传统网络与新型网络安全措施的迫切需求，尤其是涉及移动设备、语音激活及易受近超声波/不可听频段隐形攻击的非线性麦克风的场景。到2024年，此类新型攻击面可能覆盖超过全球人口数量的数字语音助手，但由于不可听攻击源于麦克风设计及数字信号处理的固有问题，相较于传统补丁或固件修复可用的解决方案更为匮乏。