Attacker's Noise Can Manipulate Your Audio-based LLM in the Real World
By: Vinu Sankar Sadasivan, Soheil Feizi, Rajiv Mathews and more
Potential Business Impact:
Makes voice assistants unsafe to use.
This paper investigates the real-world vulnerabilities of audio-based large language models (ALLMs), such as Qwen2-Audio. We first demonstrate that an adversary can craft stealthy audio perturbations to manipulate ALLMs into exhibiting specific targeted behaviors, such as eliciting responses to wake-keywords (e.g., "Hey Qwen"), or triggering harmful behaviors (e.g., "Change my calendar event"). Subsequently, we show that playing adversarial background noise during user interaction with the ALLMs can significantly degrade the response quality. Crucially, our research illustrates the scalability of these attacks to real-world scenarios, impacting other innocent users when these adversarial noises are played through the air. Further, we discuss the transferability of the attack, and potential defensive measures.
Similar Papers
Hidden in the Noise: Unveiling Backdoors in Audio LLMs Alignment through Latent Acoustic Pattern Triggers
Sound
Makes AI that hears unsafe from hidden sounds.
Hidden in the Noise: Unveiling Backdoors in Audio LLMs Alignment through Latent Acoustic Pattern Triggers
Sound
Tricks voice AI with hidden noise commands
When Good Sounds Go Adversarial: Jailbreaking Audio-Language Models with Benign Inputs
Sound
Makes AI assistants say bad things from quiet sounds.