Audio Prompt Injection Attack: AudioHijack Bypasses Voice AI Defenses
While prompt injection has become a common concern, a new attack vector, dubbed AudioHijack, introduces the concept of audio prompt injection. As reported by LΣҒΔ𝕽ΩLL 🇮🇱, this technique subtly modifies an ordinary audio file – a song, voice message, or even a Zoom call – with alterations imperceptible to the human ear. However, voice AI models interpret these subtle changes as explicit commands.
According to LΣҒΔ𝕽ΩLL 🇮🇱, citing IEEE Spectrum, researchers tested AudioHijack against 13 different voice models and services, achieving a success rate between 79% and 96%. At that success rate the risk is significant: an attacker could compel an AI model to search for information online, download files, send emails containing user data, embed malicious links, or manipulate AI-generated responses.
LΣҒΔ𝕽ΩLL 🇮🇱 further highlights that attempts to train models to detect these malicious audio instructions only reduced the attack’s success rate by approximately 7%. This minimal reduction underscores the current difficulty in defending against such sophisticated auditory attacks, making proactive defensive strategies critical for organizations relying on voice AI.
What This Means For You
- If your organization utilizes voice AI models for transcription, virtual assistants, or any form of automated audio processing, you are directly exposed to AudioHijack. Assess your voice AI deployments immediately. Understand how these models process external audio inputs and whether they have network access or capabilities that could be exploited. This isn't theoretical; the attack is proven effective and current defenses are weak.
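
One way to run that assessment, as an added example rather than anything from the researchers or the original report: a triage script that maps each attacker outcome listed above to the capabilities a deployment would need for it to be reachable. The inventory, the deployment names and the capability and source labels are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Attacker outcomes named in the article, each mapped to the capabilities a
# deployment must hold for that outcome to be reachable (labels are assumed).
OUTCOMES = {
    "web search on attacker's behalf": {"web_search"},
    "file download": {"file_download"},
    "email containing user data": {"send_email", "user_data"},
    "malicious link or manipulated response": {"user_visible_output"},
}

# Audio the operator generates itself; every other source is treated as
# untrusted by default (assumed label).
TRUSTED_SOURCES = {"generated_test_audio"}


@dataclass
class Deployment:
    name: str
    audio_sources: set  # where the audio fed to the model comes from
    capabilities: set = field(default_factory=set)  # tools and data it can reach


def assess(dep):
    """Return the outcomes reachable if injected audio steers this deployment."""
    if dep.audio_sources <= TRUSTED_SOURCES:
        return []  # no external audio reaches the model
    return sorted(o for o, need in OUTCOMES.items() if need <= dep.capabilities)


def triage(inventory):
    """Rank exposed deployments by number of reachable outcomes, highest first."""
    rows = [(d.name, assess(d)) for d in inventory]
    return sorted((r for r in rows if r[1]), key=lambda r: (-len(r[1]), r[0]))


INVENTORY = [  # constructed sample inventory
    Deployment("meeting-assistant", {"meeting_audio"},
               {"web_search", "send_email", "user_data", "user_visible_output"}),
    Deployment("voicemail-transcriber", {"voice_message"}, {"user_visible_output"}),
    Deployment("tts-regression-suite", {"generated_test_audio"},
               {"send_email", "user_data"}),
    Deployment("media-ingest", {"uploaded_file"}, {"file_download"}),
]

if __name__ == "__main__":
    for name, outcomes in triage(INVENTORY):
        print(f"{name}: {len(outcomes)} reachable -> {', '.join(outcomes)}")
```

Deployments at the top of the ranking are the ones where removing a capability, or requiring confirmation before it is used, shrinks the exposure most.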