Amazing Ultrasound Hack Can Secretly Control Siri, Alexa and Google Now
Your digital assistant may taking orders behind your back. Voice activated programs can be controlled using inaudible ultrasound commands. This gives a new method of attack for hackers targeting devices like phones, tablets, and even cars. Using ultrasound as discreet form of digital communication is pretty common. Google's Chromecast and Amazon's Dash Buttons use inaudible sounds to pair to your phone. Advertisers also takes advantage of it too, broadcasting ultrasonic codes in TV commercials that work like cookies in a web browser to track a user's activity across devices.
Scientists from China's Zheijiang University have demonstrated that it is possible. To carry out their attacks, researchers first created a program to translate normal voice commands into frequencies too high for humans to hear using harmonics. Then, they tested whether those commands would be obeyed by 16 voice control systems, including Siri, Google Now, Samsung S Voice, Cortana, Alexa, and other voice activated interfaces. Researchers are calling this DolphinAttack because dolphins use high-pitch noises as a form of communication.
DolphinAttack was successful in all the devices, and the researchers were able to issue a number of commands, including activating Siri to initiate a FaceTime call on iPhone and activating Google Now to switch the phone to the airplane mode. They were even able manipulate the navigation system in an Audi. DolphinAttack can instruct a device to visit a website which would download a virus or initiate outgoing phone calls to spy on a victim.
There are some things we can do to protect against DolphinAttack. Developing voice recognition software that can discriminate between ultrasonic waves and genuine human voices. Changing the placement of the microphone, to dampen or suppress ultrasound waves could also stop a surfing attack.