The growing adoption of voice-enabled devices (e.g., smart speakers), particularly in smart home environments, has introduced many security vulnerabilities that pose significant threats to users' privacy and safety. When multiple devices are connected to a voice assistant, an attacker can cause serious damage if they can gain control of these devices. We ask where and how can an attacker issue clean voice commands stealthily across a physical barrier, and perform the first academic measurement study of this nature on the command injection attack. We present the BarrierBypass attack that can be launched against three different barrier-based scenarios termed across-door, across-window, and across-wall. We conduct a broad set of experiments to observe the command injection attack success rates for multiple speaker samples (TTS and live human recorded) at different command audio volumes (65, 75, 85 dB), and smart speaker locations (0.1-4.0m from barrier). Against Amazon Echo Dot 2, BarrierBypass is able to achieve 100% wake word and command injection success for the across-wall and across-window attacks, and for the across-door attack (up to 2 meters). At 4 meters for the across-door attack, BarrierBypass can achieve 90% and 80% injection accuracy for the wake word and command, respectively. Against Google Home mini BarrierBypass is able to achieve 100% wake word injection accuracy for all attack scenarios. For command injection BarrierBypass can achieve 100% accuracy for all the three barrier settings (up to 2 meters). For the across-door attack at 4 meters, BarrierBypass can achieve 80% command injection accuracy. Further, our demonstration using drones yielded high command injection success, up to 100%. Overall, our results demonstrate the potentially devastating nature of this vulnerability to control a user's device from outside of the device's physical space.

翻译：随着语音控制设备（如智能音箱）在智能家居环境中的广泛普及，其引入的多个安全漏洞对用户的隐私与安全构成了重大威胁。当多个设备与语音助手连接时，若攻击者能够控制这些设备，将造成严重损害。我们探究了攻击者如何通过物理屏障隐蔽地发出干净语音指令的问题，并首次针对此类指令注入攻击开展了学术测量研究。我们提出了BarrierBypass攻击方法，该方法可针对三种基于物理屏障的场景——穿过门、穿过窗和穿过墙——发起攻击。通过大量实验，我们观测了不同指令音频音量（65、75、85 dB）下多个说话者样本（文本转语音与真人录音）及智能音箱位置（距屏障0.1至4.0米）的指令注入攻击成功率。针对Amazon Echo Dot 2，BarrierBypass在穿过墙和穿过窗攻击场景下实现了100%的唤醒词与指令注入成功率，在穿过门攻击场景（距离达2米）中同样达到100%。在距离4米的穿过门攻击中，BarrierBypass对唤醒词和指令的注入准确率分别达到90%和80%。针对Google Home Mini，BarrierBypass在所有攻击场景下均实现了100%的唤醒词注入准确率；在三种屏障场景（距离达2米）中，指令注入准确率均达到100%。在距离4米的穿过门攻击中，指令注入准确率为80%。此外，我们利用无人机进行的演示同样获得了高达100%的指令注入成功率。总体而言，本实验结果揭示了此类漏洞可能对用户设备造成的毁灭性控制风险——攻击者可从设备物理空间外部发起攻击。