Stop bugging me! Evading modern-day wiretapping using adversarial perturbations

Yael Mathov, Tal Ben Senior, Asaf Shabtai, Yuval Elovici

Research output: Contribution to journalArticlepeer-review


Mass surveillance systems for voice over IP (VoIP) conversations pose a great risk to privacy. These automated systems use learning models to analyze conversations, and calls that involve specific topics are routed to a human agent for further examination. In this study, we present an adversarial-learning-based framework for privacy protection for VoIP conversations. We present a novel method that finds a universal adversarial perturbation (UAP), which, when added to the audio stream, prevents an eavesdropper from automatically detecting the conversation's topic. As shown in our experiments, the UAP is agnostic to the speaker or audio length, and its volume can be changed in real time, as needed. Our real-world solution uses a Teensy microcontroller that acts as an external microphone and adds the UAP to the audio in real time. We examine different speakers, VoIP applications (Skype, Zoom, Slack, Google Meet, and Microsoft Teams), and audio lengths. Our results in the real world suggest that our approach is a feasible solution for privacy protection.

Original languageAmerican English
Article number102841
JournalComputers and Security
StatePublished - Oct 2022


  • Adversarial examples
  • Privacy protection

All Science Journal Classification (ASJC) codes

  • General Computer Science
  • Law


Dive into the research topics of 'Stop bugging me! Evading modern-day wiretapping using adversarial perturbations'. Together they form a unique fingerprint.

Cite this