Voice Assistants Attacked with Commands Fed into Ultrasonic Frequencies

Hacks frequently take place because of our own foolishness, yet fresh vulnerability has been found in which tech companies are to be blamed. The Zheijiang University security researchers from China have discovered one attack method aimed at Alexa, Siri along with voice assistants of other kinds wherein commands are used by injecting them into ultrasonic frequencies. While the mentioned voice assistants are inaudible to human ears because of their extremely high pitch, they can well be heard to microphones on different systems. The method enabled the researchers successfully make AI assistants click into malevolent websites as well as unlock doors that have smart locks attached to them.

The technique, which the research team devised, relies on high frequency audio that would graze past human hearing; yet make possible for electronic devices to detect them. The team managed towards effectively changing commands by human voices to ultrasound that they subsequently tested against more than 12 separate voice assistants, particularly, Alexa, Siri, Cortana and Google Assistant. Everywhere, recipients of these commands carried the same out, and despite humans not being able to hear the inter-communication taking place, it was audible to the digital assistants clear and loud.

This experiment the Zhejiang University researchers named "DolphinAttack" getting the inspiration from dolphins' communications based on high frequency noise. That hackers can successfully transmit instructions to a target machine, they would require being within earshot as well as there should be relative quietness in the environment. Nypost.com posted this, September 7, 2017.

Presently, the majority of DolphinAttack vulnerabilities can be rectified with one relatively simple solution. And that is disabling Google Assistant's or Siri's "always-on" option on one's tablet or phone which will prevent a hacker from talking to the particular device. Meanwhile, both Google Home and Amazon Alexa contain sturdy mute buttons which is expected to execute the trick during most of the instances.

Above all, passwords and codes for unlocking things nearly always act to guard chief commands by virtual assistants, particularly in connection with mobile payments. So an end-user's virtual assistant won't inadvertently drain his bank account in favor of any hacker.

» SPAMfighter News - 9/15/2017