Connect with us

Tech News

DolphinAttack: the newest way to hack a smartphone

(TECH NEWS) The newest hack that phone makers are having to deal with sounds a lot cuter than the consequences they produce.

Published

on

dolphin apple pay iphone

Voice assistant sabbotage

Everyone and every device are susceptible to a cyber-attack. But what happens if those cyber-attacks turn into real life threats?

bar
It’s more possible than you think. Researchers at China’s Zheijiang University discovered a new tactic that manipulates smart devices’ voice assistants.

Wolf in sheeps clothing

They call it DolphinAttack. It sounds like a non-threatening name, but there is power behind its meaning. DolphinAttack refers to using high frequency voices to silently activate and successfully hack voice assistants. Researchers tested the method by converting human commands into ultrasonic frequencies, over 20,000 hz.

They used a smartphone with an amplifier, ultrasonic transducer and battery to play back the silent commands, which activated the voice assistants.

It’s a simple and extremely inexpensive option for hackers. The total cost of parts was less than $3.

Silent but Detrimental

Ultrasonic frequencies are inaudible to humans because they are too high for us to hear. However, devices using microphones recognize them as a human voice. Researchers tested these silent commands across all hardware in five languages (French, English, Chinese, German, Spanish) and came to the same conclusion across the board.

The method worked was successful on 16 smart devices and 7 systems.

Think of how many devices you have linked to voice assistant. Even if you do not own an at home assistant, you may still use Siri or Google Assistant to search the web and communicate. Hackers can use ultrasonic manipulation to open malicious websites.

The attacks can also become even more direct. In the case where a smart device is linked to unlocking your door, these threats turn into real life dangers.

Devil is in the details

Luckily, there are regulations that can diminish the chances of such an attack. In order to use silent commands, hackers must be at least 5-6 feet from the device. The voice assistants also need to be activated beforehand.

Upon hearing the command, the voice assistant will repeat the action which will alert the owner. This type of attack will be the most successful in a public place as it requires a significant amount of distractions.

Quick fix

Device makers have a chance to stop these attacks before they start. By implementing a program to ignore commands over 20,000 hz and modify microphones to limit high frequencies, smart devices will be immune from such attacks.

However, not everyone is on board. Some companies site ultrasonic pairing with other devices as a reason to not create such limitations. However, is it worth it?

#DolphinsAttacking

Natalie is a Staff Writer at The American Genius and co-founded an Austin creative magazine called Almost Real Things. When she is not writing, she spends her time making art, teaching painting classes and confusing people. In addition to pursuing a writing career, Natalie plans on getting her MFA to become a Professor of Fine Art.

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech News

Airbnb has blocked 50K+ bookings for being too big during COVID-19

(NEWS) Airbnb has cancelled a huge number of reservations as a security precaution during COVID-19 in the past year or so.

Published

on

airbnb

In the last year or so, Airbnb has purposefully prevented at least 50,000 people from making irresponsible reservations on their properties, in many cases blocking those people from the platform itself. This prevention, at least in theory, helped cut down on the number of COVID parties during the pandemic.

According to The Verge, Airbnb’s head of trust and safety communication, Ben Breit, acknowledged blocked reservations in several cities across the United States, including Dallas, San Diego, and New Orleans. Breit confirmed that this response was an attempt to prevent large gatherings and parties during the height of the COVID-19 pandemic during which many areas banned group activities involving more than a few people.

While some requests for reservations were simply denied or “redirected”, many users were blocked from using Airbnb entirely. Airbnb noted that the number of blocked requests outpaced the number of people who were blocked, signifying that some accounts attempted to make more than one reservation before being removed from the platform.
Airbnb reportedly stated that “Instituting a global ban on parties and events is in the best interest of public health” prior to enacting a total ban on rentals at the beginning of 2020, a decision that gave way to the blocks and redirections in the last 12 months.

The evaluation system used to flag problematic reservations is relatively simple, according to Breit: “If you are under the age of 25 and you don’t have a history of positive reviews, we will not allow you to book an entire home listing local to where you live.”

But Airbnb didn’t entirely remove multiple-body listings or large rentals. The Verge reports that flagged users with the aforementioned criteria were still able to book both small rentals in local locations and larger rentals in reasonably distant locations.

Regardless of the optics here, Airbnb’s policy efficacy can’t be ignored. Multiple cities reported comparatively “quiet” holiday seasons–something that may contribute to Airbnb’s decision to extend their policy through the end of this summer.

The hosting company is also offering increased security measures, such as noise detection and a 24-hour hotline, at a discounted rate to property owners.

As both the vaccine gap and the proliferation of the Delta variant of COVID-19 continue to contribute to outbreaks, one can reasonably expect Airbnb to hold to this policy.

Continue Reading

Tech News

TL;DV summarizes video meetings so folks can catch up in quickly *with* context

(TECHNOLOGY) TL;DV makes catching up on video team meetings slightly more tolerable and easily digestable.

Published

on

TLDV

2021 was the year of virtual meetings, and while there are some perks associated with remote collaboration (I’m looking at you, pair of work pants that I didn’t have to wear once this year), these meetings often feel exponentially more arduous than their dressed-up counterparts. TL;DV, a consolidation app for Google Meet, looks to give back a bit of your time.

TL;DV (an acronym for “Too Long; Didn’t View”) is a Google Chrome recording extension that helps users specify important sections of meetings for anyone who needs to view them asynchronously. Users can tag specific segments in Google Meet sessions, transcribe audio, and leave notes above tagged sections for timestamp purposes, and the subsequent file can be shared via a host of both Google and third-party apps.

While the extension is only available for Google Meet at the time of writing, the TL;DV team has included a link to a survey for Zoom and MS Teams users on their site, thus implying that the team is looking into expanding into those platforms in the future.

The mission behind TL;DV is, according to the website, to empower users to “control how we spend our precious time” in the interest of combatting FOMO and meeting fatigue. By dramatically shortening the amount of time one must spend perusing a meeting recording, they seem well on their way to doing so.

Of course, the issue of human oversight remains. It seems likely that meeting facilitators will drop the ball here and there while tagging sections of the recording, and employees who miss crucial information in a recorded session are sure to be frustrated in the process–just not as frustrated as they might be if they attended the entire meeting live.

The current (free) version of TL;DV is in Beta, so users will have a three-hour cap on their videos. The development team promises a professional version by the end of 2021, with the added bonus of leaving prior recordings available for free for anyone who used the Beta. This is certainly an extension to keep an eye on–whether or not you’re remaining remote in 2022, virtual conferencing is no doubt here to stay.

Continue Reading

Tech News

Hiding from facial recognition is a booming business

(TECH NEWS) ‘Cloaking’ is the new way to hide your face. Companies are making big money designing cloaking apps that thwart your features by adding a layer of make up, clothing, blurring, and even transforming you into your favorite celebrity.

Published

on

Facial recognition companies and those who seek to thwart them are currently locked in a grand game of cat and mouse. Though it’s been relentlessly pursued by police, politicians, and technocrats alike, the increasing use of facial recognition technology in public spaces, workplaces, and housing complexes remains a widely unpopular phenomenon.

So it’s no surprise that there is big money to be made in the field of “cloaking,” or dodging facial recognition tech – particularly during COVID times while facial coverings are, literally, in fashion.

Take Fawkes, a cloaking app designed by researchers at the University of Chicago. It is named for Guy Fawkes, the 17th century English revolutionary whose likeness was popularized as a symbol of anonymity, and solidarity in V For Vendetta.

Fawkes works by subtly overlaying a celebrity’s facial information over your selfies at the pixel level. To your friends, the changes will go completely unnoticed, but to an artificial intelligence trying to identify your face, you’d theoretically look just like Beyonce.

Fawkes isn’t available to the general public yet, but if you’re looking for strategies to fly under the radar of facial recognition, don’t fret; it is just one example of the ways in which cloaking has entered the mainstream.

Other forms of cloaking have emerged in the forms of Tik Tok makeup trends, clothes that confuse recognition algorithms, tools that automatically blur identifying features on the face, and much more. Since effective facial recognition relies on having as much information about human faces as possible, cloaking enthusiasts like Ben Zhao, Professor of computer science at the University of Chicago and co-developer of Fawkes, hope to make facial recognition less effective against the rest of the population too. In an interview with The New York Times, Zhao asserts, “our [team’s] goal is to make Clearview [AI] go away.”

For the uninitiated, Clearview AI is a start-up that recently became infamous for scraping billions of public photos from the internet and privately using them to build the database for a law enforcement facial recognition tool.

The CEO of Clearview, Hoan Ton-That, claimed that the tool would only be improved by these workarounds and that in long run, cloaking is futile. If that sounds like supervillain talk, you might see why he’s earned himself a reputation similar to the likes of Martin Shkreli or Ajit Pai with his company’s uniquely aggressive approach to data harvesting.

It all feels like the beginning of a cyberpunk western: a story of man vs. machine. The deck is stacked, the rules are undecided, and the world is watching. But so far, you can rest assured that no algorithm has completely outsmarted our own eyeballs… yet.

Continue Reading

Our Great Partners

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Emerging Stories

Get The American Genius
neatly in your inbox

Subscribe to get business and tech updates, breaking stories, and more!