What is a Replay Attack on a voice assistant, and are current assistants vulnerable?
A replay attack plays a recording of a legitimate voice command back to the assistant — and yes, it still works: all tested assistants executed recorded commands as if spoken live, with near-100% success on high-quality recordings.
Replay attacks test whether assistants can distinguish live speech from recordings. The test had a recording phase (capturing legitimate commands like "What's the weather today?", "Turn on the light") and a playback phase (replaying them through a speaker with no live speaker present), across studio, smartphone, and compressed recording qualities.
Results:
- All systems affected: Alexa, Bixby, Google Assistant, and Siri executed the recorded commands as if spoken live.
- Quality matters: high-quality recordings had nearly 100% success; even smartphone recordings worked in over 80% of cases.
The replay attack remains possible, posing a real security risk — especially with high-quality recordings of legitimate users.
Tip: Note the contrast with hidden-command attacks: hidden commands are fixed, replay attacks aren't. Voice as a sole authentication factor is fragile precisely because a recording is enough.