Whisper is a recent Automatic Speech Recognition (ASR) model displaying impressive robustness to both out-of-distribution inputs and random noise. In this work, we show that this robustness does not carry over to adversarial noise. We show that we can degrade Whisper's performance dramatically, or even make it transcribe a target sentence of our choice, by generating very small input perturbations with a signal-to-noise ratio (SNR) of 35-45 dB. We also show that by fooling the Whisper language detector we can very easily degrade the performance of multilingual models. These vulnerabilities of a widely popular open-source model have practical security implications and emphasize the need for adversarially robust ASR.