If you think your AI assistant answers only to you, think twice! Researchers at the Michigan State University College of Engineering have demonstrated a clever way to make smartphone assistants execute malicious commands issued by hackers, Tech Xplore reports. By using ultrasound frequencies inaudible to the human ear, scientists tricked the assistants into obeying their commands. As it turns out, smartphones’ microphones can detect sound way above human hearing, and these ultrasonic waves can activate Siri or Google Assistant.
What’s even more alarming is that a similar vulnerability was discovered almost 3 years ago by a team from Zhejiang University. Using only simple, 3$ worth of additional hardware, the Chinese scientists were able to translate voice commands to ultrasound and activate Siri and Alexa on various devices, calling the vulnerability DolphinAttack (after dolphins using ultrasound for navigation). The team from Michigan used a piezoelectric element instead (converting electricity to ultrasound), but the basic principle remains the same. These ultrasonic waves can be sent through hard surfaces like metal, wood or glass at distances up to 30 feet. The new method is dubbed “SurfingAtttack”.
Image Credit - Michigan State University
This unpatched vulnerability can easily let hackers send different commands to your phone and make it do… well, bad things. They can use Siri to call your friends, steal your 2FA codes, cancel meetings or in theory even ask for money. If your phone is locked though, and you use a fingerprint or a FaceID for authentication, things become less dramatic. Researchers have tested the SurfingAttack hack with 17 phone models and 15 of them proved susceptible. Among them were four iPhones; the 5, 5s, 6 and X; the first three Google Pixels; the Samsung Galaxy S7 and S9.
It’s really strange that manufacturers left this door open for so long, but there’s an easy way to protect yourself against SurferAttack - according to the scientists, simply putting a soft material under your phone when you place it on hard surfaces in public will protect it from malicious ultrasonic influence.
Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
Mariyan, a tech enthusiast with a background in Nuclear Physics and Journalism, brings a unique perspective to PhoneArena. His childhood curiosity for gadgets evolved into a professional passion for technology, leading him to the role of Editor-in-Chief at PCWorld Bulgaria before joining PhoneArena. Mariyan's interests range from mainstream Android and iPhone debates to fringe technologies like graphene batteries and nanotechnology. Off-duty, he enjoys playing his electric guitar, practicing Japanese, and revisiting his love for video games and Haruki Murakami's works.
Recommended Stories
Loading Comments...
COMMENT
All comments need to comply with our
Community Guidelines
Phonearena comments rules
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: