LOGBOOK

HELP

Quiz Entry - updated: 2026.05.25

What is a Replay Attack on a voice assistant, and are current assistants vulnerable?

A replay attack plays a recording of a legitimate voice command back to the assistant — and yes, it still works: all tested assistants executed recorded commands as if spoken live, with near-100% success on high-quality recordings.

Replay attacks test whether assistants can distinguish live speech from recordings. The test had a recording phase (capturing legitimate commands like "What's the weather today?", "Turn on the light") and a playback phase (replaying them through a speaker with no live speaker present), across studio, smartphone, and compressed recording qualities.

Results:

  • All systems affected: Alexa, Bixby, Google Assistant, and Siri executed the recorded commands as if spoken live.
  • Quality matters: high-quality recordings had nearly 100% success; even smartphone recordings worked in over 80% of cases.

The replay attack remains possible, posing a real security risk — especially with high-quality recordings of legitimate users.

Tip: Note the contrast with hidden-command attacks: hidden commands are fixed, replay attacks aren't. Voice as a sole authentication factor is fragile precisely because a recording is enough.

From Quiz: PRIVACY / Device Tracking: Biometrics, RFID/NFC & E-Passports | Updated: May 25, 2026