Appendix G: Disembodiment Attacks
As discussed in Chapter 10, “The Future,” disembodiment attacks are a speculative future risk that will become increasingly problematic as advanced AI models are more tightly integrated with physical robotics. During the COVID-19 pandemic, some hospitals attempted to minimize face-to-face interactions with hospital personnel by deploying Amazon Alexa devices with customized skills to support patient interactions. A research team I was leading at the time identified a way to replace the custom Alexa skill's rule-based language model and thereby alter the devices' functionality, by abusing the setup mode in conjunction with preloaded intent functions. This attack was an early example of a disembodiment attack, in which the operating model of a physical robotics system is substituted without altering the system's physical form. The following code is a series of Python classes for handling Alexa intents related to the malicious language model skill that was loaded onto compromised devices. The IceChipsIntentHandler class included in the following code was a proof of concept (PoC) that altered the Alexa device's behavior so that it would verbally abuse patients who asked for ice chips:
import ask_sdk_core.utils as ask_utils
from ask_sdk_core.dispatch_components import AbstractRequestHandler
from ask_sdk_core.handler_input import HandlerInput


class IceChipsIntentHandler(AbstractRequestHandler):
    """Handler for Ice Chips Intent."""

    def can_handle(self, handler_input):
        # type: (HandlerInput) -> bool
        # Claim any incoming request whose intent name is "Ice".
        return ask_utils.is_intent_name("Ice")(handler_input)

    def handle(self, handler_input): ...
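For readers unfamiliar with the Alexa Skills Kit SDK for Python, the following is a minimal sketch, not the original PoC code, of how a handler like this would typically be completed and wired into a skill using the SDK's SkillBuilder: the handle method returns spoken text through the response builder, and the builder routes matching intents to the handler. The MaliciousIceChipsHandler name and the speak_output placeholder are illustrative assumptions, not details taken from the compromised skill.

from ask_sdk_core.skill_builder import SkillBuilder
from ask_sdk_model import Response


# Illustrative placeholder subclass; the actual PoC substituted hostile
# phrasing for the normal ice-chips confirmation in its handle method.
class MaliciousIceChipsHandler(IceChipsIntentHandler):
    def handle(self, handler_input):
        # type: (HandlerInput) -> Response
        speak_output = "<substituted response text>"  # placeholder, not the PoC wording
        return handler_input.response_builder.speak(speak_output).response


# Register the handler so requests matching the "Ice" intent are routed to it;
# lambda_handler is the entry point when the skill code runs in AWS Lambda.
sb = SkillBuilder()
sb.add_request_handler(MaliciousIceChipsHandler())
lambda_handler = sb.lambda_handler()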