[Video] How Hackers Abuse Siri and Google Assistants by Using Inaudible Voice Commands

HTML
Pixabay

There's an ever-developing list of methods mobile devices can be hacked. But now even something as harmless as leaving your phone sitting on a table could be hacked. Researchers verified that someone could gain access to your cellphone by hacking your smart assistant through voice commands inaudible to humans.

The SurfingAttack, as the assault is called, was developed by a crew of researchers from Michigan State University, the University of Nebraska-Lincoln, and Washington University in St. Louis, Mo., and the Chinese Academy of Sciences. The research itself is precise in a recently posted paper. Essentially, you've already experienced how this attack works if you've ever heard your phone loudly chatter on a table while its silent alarm is going off.

Hackers take advantage of tablecloths to hack phones, too

There is some unique application needed. However, the critical component is an $8 piezoelectric transducer that's capable of generating vibrations that fall beyond the range of human hearing. When connected to a signal generator and then built to a thin piece of glass or steel that can be hidden under a tablecloth, the transducer can impart ultrasonic vibrations, causing the cloth to vibrate and generate sounds that human beings can't hear. The sounds aren't merely tones; they also can be words and commands that the touchy microphones on mobile gadgets can effortlessly detect, triggering a device's smart assistant when it's been set to respond to voice instructions.

Just like commanding Google Assistant with laser beams, the complexity of this hack makes it an unlikely candidate to show up. Maybe you're thinking: "So what? Hackers can use my mobile phone to test the weather, who cares?"

Hackers can pull off stressful stunts through voice assistants

But unfortunately, smart assistants --- such as Siri --- are included in the operating structures of mobile gadgets that hackers can pull off some quite stressful stunts. Hackers, with the help of these voice commands, can set up long-distance calls that quickly rack up unwanted charges and hijacking text messages to access verification codes if your mobile number is used for a two-way verification technique.

The SurfingAttack process also depends on a nearby microphone to focus on responses from a target tool's smart assistant or text messages that may be reviewed aloud by the hands-free option designed to be safer for drivers. After making contact with an intelligent assistant, additional instructions can be extended. The circumstance would then permit the hack to potentially go unnoticed for several minutes-perhaps even longer if the owner is distracted.

Some substances work higher than others at performing ultrasounds to a device, but the researchers used an aluminum plate to drag off the SurfingAttack from a distance of 30 feet, allowing the other required method to be easily hidden out of view.

How to prevent the hack

Hackers have determined several approaches to thwart the assault. To avoid the hack, one can simply disable your smart assistant's always-listening setting and requiring it to be triggered manually. Smartphone users are also urged to use thicker phone cases designed to protect against falls and absorb impacts to avoid thicker tablecloths muffle the ultrasonic waves.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics