“Hey, Siri, can you tell me one of the best websites to read about science “.
“Yeah, sure. I bet Science Hook is the one” answers, Siri. All of us use Siri or Google Assistant or Alexa or many more virtual assistants to make our work simpler. These virtual assistants have made our lives simpler.
Welcome back, guys. So wondering why virtual assistants are up here? Well, we all well know every good comes with a bad. In a similar fashion, Scientists have demonstrated that these voice assistant systems are susceptible to be hacked. Shocked and surprised. Well, dive in to find out what we have.
These assistants have improved our living conditions and also have changed the landscape of cyber threats. These voice assistant systems are susceptible to signal injection at the inaudible frequencies. Single line commands were executed via line-of-sight ultrasound speaker or extending the range of this attack via speaker array until now. Besides air, sound waves also propagate through other materials where vibration is possible.
Scientists from Washington University aim to comprehend the characteristics of this new genre of attack in the context of different transmission media. They expanded the scope of vulnerability that ultrasonic waves pose to cell phone security.
These UltraSonic waves can activate Siri on your cell phone and have it make calls, take images, or read the contents of a text to a stranger, all without your knowledge. The scarier part is that these things can be done, making no sound.
Ning Zhang, assistant professor of computer science and engineering at the McKelvey School of Engineering, emphasized that everyone needs to know about this.
Scientists sent voice commands to cell phones as they sat inconspicuously on a table next to the owner. By adding a stealthily placed microphone, they could communicate back and forth with the phone, controlling it remotely.
Zhang explained, “Ultrasonic waves are sound waves in a frequency that is higher than humans can hear. Cell Phone microphones, however, can and do record these higher frequencies. If you know how to play with the signals, you can manipulate them such that when the phone interprets the incoming sound waves, it will think you are saying a command.”
In another experiment, scientists set out to determine the transmission ability of ultrasonic waves through solid surfaces. They conducted two attacks:
- Hacking an SMS passcode. SMS-based two-factor authentication has been widely adopted by almost all primary services, which often delivers one-time passwords over SMS. A SurfingAttack adversary can activate the victim’s device to read SMS messages in secret, thereby extracting SMS passcodes.
- Making fraudulent calls. A SurfingAttack adversary can also take control of the owner’s phone to call arbitrary numbers and conduct an interactive dialogue for phone fraud using the synthetic voice of the victim.
The test included 17 different phone models, including popular iPhones, Galaxy, and Moto models. All but two were vulnerable to ultrasonic wave attacks.
The study also suggested some defense mechanisms that could protect against such an attack. It includes the use of software that examines the received signal to discriminate between ultrasonic waves and genuine human voices. Another idea is to change the layout of cell phones; for example, placing the microphone to dampen or suppress ultrasound waves could also stop a surfing attack.
Zhang added that a simple way to keep phones out of harm’s way of ultrasonic waves: the interlayer-based defense, which uses a soft, woven fabric to increase the ‘impedance mismatch.’
This study was conducted in the collaboration between scientists from Michigan State University, the University of Nebraska-Lincoln, and the Chinese Academy of Sciences.