As generative audio models are rapidly evolving, AI-generated audios increasingly raise concerns about copyright infringement and misinformation spread. Audio watermarking, as a proactive defense, can embed secret messages into audio for copyright protection and source verification. However, current neural audio watermarking methods focus primarily on the imperceptibility and robustness of watermarking, while ignoring its vulnerability to security attacks. In this paper, we develop a simple yet powerful attack: the overwriting attack that overwrites the legitimate audio watermark with a forged one and makes the original legitimate watermark undetectable. Based on the audio watermarking information that the adversary has, we propose three categories of overwriting attacks, i.e., white-box, gray-box, and black-box attacks. We also thoroughly evaluate the proposed attacks on state-of-the-art neural audio watermarking methods. Experimental results demonstrate that the proposed overwriting attacks can effectively compromise existing watermarking schemes across various settings and achieve a nearly 100% attack success rate. The practicality and effectiveness of the proposed overwriting attacks expose security flaws in existing neural audio watermarking systems, underscoring the need to enhance security in future audio watermarking designs.

翻译：随着生成式音频模型快速发展，AI生成音频日益引发版权侵权与虚假信息传播的担忧。音频水印作为一种主动防御手段，可将秘密信息嵌入音频以实现版权保护与来源验证。然而，当前神经音频水印方法主要关注水印的不可感知性与鲁棒性，却忽视了其面临安全攻击的脆弱性。本文提出一种简单而强大的攻击方法：覆盖攻击，即通过伪造水印覆盖合法音频水印，使原始合法水印无法被检测。根据攻击者掌握的音频水印信息，我们提出三类覆盖攻击：白盒攻击、灰盒攻击与黑盒攻击。我们还在前沿神经音频水印方法上全面评估了所提攻击。实验结果表明，所提覆盖攻击能有效破坏现有水印方案，在不同设置下实现接近100%的攻击成功率。该覆盖攻击的实用性与有效性揭示了现有神经音频水印系统的安全缺陷，凸显了未来音频水印设计需加强安全性的迫切需求。