Voice assistant sabbotage
Everyone and every device are susceptible to a cyber-attack. But what happens if those cyber-attacks turn into real life threats?
It’s more possible than you think. Researchers at China’s Zheijiang University discovered a new tactic that manipulates smart devices’ voice assistants.
Wolf in sheeps clothing
They call it DolphinAttack. It sounds like a non-threatening name, but there is power behind its meaning. DolphinAttack refers to using high frequency voices to silently activate and successfully hack voice assistants. Researchers tested the method by converting human commands into ultrasonic frequencies, over 20,000 hz.
They used a smartphone with an amplifier, ultrasonic transducer and battery to play back the silent commands, which activated the voice assistants.
It’s a simple and extremely inexpensive option for hackers. The total cost of parts was less than $3.
Silent but Detrimental
Ultrasonic frequencies are inaudible to humans because they are too high for us to hear. However, devices using microphones recognize them as a human voice. Researchers tested these silent commands across all hardware in five languages (French, English, Chinese, German, Spanish) and came to the same conclusion across the board.
The method worked was successful on 16 smart devices and 7 systems.
Think of how many devices you have linked to voice assistant. Even if you do not own an at home assistant, you may still use Siri or Google Assistant to search the web and communicate. Hackers can use ultrasonic manipulation to open malicious websites.
The attacks can also become even more direct. In the case where a smart device is linked to unlocking your door, these threats turn into real life dangers.
Devil is in the details
Luckily, there are regulations that can diminish the chances of such an attack. In order to use silent commands, hackers must be at least 5-6 feet from the device. The voice assistants also need to be activated beforehand.
Upon hearing the command, the voice assistant will repeat the action which will alert the owner. This type of attack will be the most successful in a public place as it requires a significant amount of distractions.
Device makers have a chance to stop these attacks before they start. By implementing a program to ignore commands over 20,000 hz and modify microphones to limit high frequencies, smart devices will be immune from such attacks.
However, not everyone is on board. Some companies site ultrasonic pairing with other devices as a reason to not create such limitations. However, is it worth it?