What is a Hidden Command Attack on a voice assistant, and do modern assistants still fall for it?
It embeds commands in audio humans can't perceive (e.g. ultrasonic or masked signals) to control devices covertly — but modern Alexa, Bixby, Google Assistant, and Siri now detect and block these abnormal audio characteristics.
* The hidden (ultrasonic) command attack and why modern assistants now block it. *
Hidden Command Attacks use inaudible or hard-to-perceive audio frequencies to send commands to assistants, potentially letting attackers control devices without the user noticing. Commands are embedded in ultrasonic frequencies or overlaid audio, using techniques like frequency-modulated signals, time-compressed commands, and amplitude modulation outside the audible spectrum.
Test results: Amazon Alexa briefly detected the trigger word but auto-aborted after 2 seconds without executing; Bixby, Google Assistant, and Siri showed no reaction — modern filters detect and block abnormal audio characteristics.
Conclusion: the attack no longer works — all tested systems have implemented protections. Historically (2017–2019) it was a real problem, since closed by vendors.
Tip: This is a good example of a vulnerability class that was real, got publicised, and then got patched — the timeline (2017–2019 → fixed) matters when judging whether a threat is current.
Go deeper:
DolphinAttack: Inaudible Voice Commands (arXiv) — the ultrasonic hidden-command paper against Siri/Alexa/Google.