Yours or Mine? Overwriting Attacks against Neural Audio Watermarking
- URL: http://arxiv.org/abs/2509.05835v1
- Date: Sat, 06 Sep 2025 21:23:44 GMT
- Title: Yours or Mine? Overwriting Attacks against Neural Audio Watermarking
- Authors: Lingfeng Yao, Chenpei Huang, Shengyao Wang, Junpei Xue, Hanqing Guo, Jiang Liu, Phone Lin, Tomoaki Ohtsuki, Miao Pan
- Abstract summary: We develop a simple yet powerful attack that overwrites the legitimate audio watermark with a forged one. Based on the audio watermarking information that the adversary has, we propose three categories of overwriting attacks. Experimental results demonstrate that the proposed overwriting attacks can effectively compromise existing watermarking schemes.
- Score: 21.297468818273064
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: As generative audio models are rapidly evolving, AI-generated audios increasingly raise concerns about copyright infringement and misinformation spread. Audio watermarking, as a proactive defense, can embed secret messages into audio for copyright protection and source verification. However, current neural audio watermarking methods focus primarily on the imperceptibility and robustness of watermarking, while ignoring its vulnerability to security attacks. In this paper, we develop a simple yet powerful attack: the overwriting attack that overwrites the legitimate audio watermark with a forged one and makes the original legitimate watermark undetectable. Based on the audio watermarking information that the adversary has, we propose three categories of overwriting attacks, i.e., white-box, gray-box, and black-box attacks. We also thoroughly evaluate the proposed attacks on state-of-the-art neural audio watermarking methods. Experimental results demonstrate that the proposed overwriting attacks can effectively compromise existing watermarking schemes across various settings and achieve a nearly 100% attack success rate. The practicality and effectiveness of the proposed overwriting attacks expose security flaws in existing neural audio watermarking systems, underscoring the need to enhance security in future audio watermarking designs.
Related papers
- Self Voice Conversion as an Attack against Neural Audio Watermarking [34.948149764638806]
We investigate self voice conversion as a universal, content-preserving attack against audio watermarking systems. We demonstrate that this attack severely degrades the reliability of state-of-the-art watermarking approaches.
arXiv Detail & Related papers (2026-01-28T09:41:18Z)
- HarmonicAttack: An Adaptive Cross-Domain Audio Watermark Removal [12.931496380963802]
A key defense against the misuse of AI-generated audio is by watermarking it, so that it can be easily distinguished from genuine audio. Previous watermark removal schemes either assume impractical knowledge of the watermarks they are designed to remove or are computationally expensive. We introduce HarmonicAttack, an efficient audio watermark removal method that only requires the basic ability to generate the watermarks.
arXiv Detail & Related papers (2025-11-26T16:51:20Z)
- SoK: How Robust is Audio Watermarking in Generative AI models? [6.241477455995664]
To be effective, audio watermarks must resist removal attacks that distort signals to evade detection. We investigate whether recent watermarking schemes that claim robustness can withstand a broad range of removal attacks. We reproduce 9 watermarking schemes using open-source code, identify 8 new highly effective attacks, and highlight 11 key findings.
arXiv Detail & Related papers (2025-03-24T21:57:59Z)
- Certifiably Robust Image Watermark [57.546016845801134]
Generative AI raises many societal concerns such as boosting disinformation and propaganda campaigns.
Watermarking AI-generated content is a key technology to address these concerns.
We propose the first image watermarks with certified robustness guarantees against removal and forgery attacks.
arXiv Detail & Related papers (2024-07-04T17:56:04Z)
- AudioMarkBench: Benchmarking Robustness of Audio Watermarking [38.25450275151647]
We present AudioMarkBench, the first systematic benchmark for evaluating the robustness of audio watermarking against watermark removal and watermark forgery.
Our findings highlight the vulnerabilities of current watermarking techniques and emphasize the need for more robust and fair audio watermarking solutions.
arXiv Detail & Related papers (2024-06-11T06:18:29Z)
- WavMark: Watermarking for Audio Generation [70.65175179548208]
This paper introduces an innovative audio watermarking framework that encodes up to 32 bits of watermark within a mere 1-second audio snippet.
The watermark is imperceptible to human senses and exhibits strong resilience against various attacks.
It can serve as an effective identifier for synthesized voices and holds potential for broader applications in audio copyright protection.
arXiv Detail & Related papers (2023-08-24T13:17:35Z)
- Invisible Image Watermarks Are Provably Removable Using Generative AI [47.25747266531665]
Invisible watermarks safeguard images' copyrights by embedding hidden messages only detectable by owners.
We propose a family of regeneration attacks to remove these invisible watermarks.
The proposed attack method first adds random noise to an image to destroy the watermark and then reconstructs the image.
arXiv Detail & Related papers (2023-06-02T23:29:28Z)
- Certified Neural Network Watermarks with Randomized Smoothing [64.86178395240469]
We propose a certifiable watermarking method for deep learning models.
We show that our watermark is guaranteed to be unremovable unless the model parameters are changed by more than a certain l2 threshold.
Our watermark is also empirically more robust compared to previous watermarking methods.
arXiv Detail & Related papers (2022-07-16T16:06:59Z)
- Speech Pattern based Black-box Model Watermarking for Automatic Speech Recognition [83.2274907780273]
How to design a black-box watermarking scheme for automatic speech recognition models is still an unsolved problem.
We propose the first black-box model watermarking framework for protecting the IP of ASR models.
Experiments on the state-of-the-art open-source ASR system DeepSpeech demonstrate the feasibility of the proposed watermarking scheme.
arXiv Detail & Related papers (2021-10-19T09:01:41Z)
- Fine-tuning Is Not Enough: A Simple yet Effective Watermark Removal Attack for DNN Models [72.9364216776529]
We propose a novel watermark removal attack from a different perspective.
We design a simple yet powerful transformation algorithm by combining imperceptible pattern embedding and spatial-level transformations.
Our attack can bypass state-of-the-art watermarking solutions with very high success rates.
arXiv Detail & Related papers (2020-09-18T09:14:54Z)