1

We propose a systems-oriented defense against voice-based confusion attacks that exploit design issues in commercial voice assistants like Amazon Alexa and Google Home. Our defense, called SkilIFence, uses information from counterpart apps and websites to interpret a user’s intentions and ensure that only the intended skills are executed in response to voice commands. We demonstrate the effectiveness of SkillFence through experiments involving real user data and synthetic and organic speech, showing that it can secure 90.83% of skills with a false acceptance rate of 19.83%.

We propose a new method for generating physical adversarial examples for camera-based computer vision that are invisible to human eyes. Rather than modifying the victim object with visible artifacts, our method modifies the light that illuminates the object. This allows an attacker to create a modulated light signal that adversarially illuminates a scene and causes targeted misclassifications on a state-of-the-art ImageNet deep learning model. We demonstrate the effectiveness of our method through a range of simulation and physical experiments with LEDs, achieving targeted attack rates of up to 84%.