{"id":1726,"date":"2020-03-10T13:37:20","date_gmt":"2020-03-10T09:37:20","guid":{"rendered":"https:\/\/www.techxmedia.com\/?p=1726"},"modified":"2025-04-16T16:18:35","modified_gmt":"2025-04-16T12:18:35","slug":"voice-assistants-hacked-ultrasonic-waves","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/voice-assistants-hacked-ultrasonic-waves\/","title":{"rendered":"Voice assistants can be hacked with ultrasonic waves"},"content":{"rendered":"\n

By \u201cAmer Owaida\u201d, Security\nWriter at ESET<\/strong><\/p>\n\n\n\n

If Siri, Google Assistant or any other\nvoice assistant are part of your daily routine, you may be unnerved to find out\nthat attackers, too, could activate it \u2013 all the while you wouldn\u2019t hear a\nthing. A group of US and Chinese researchers conducted a number of experiments,\nproving that under the right conditions the voice assistants on your smartphone\ncould be fooled into spilling sensitive information or carrying out certain\ntasks.<\/p>\n\n\n\n

According to the paper<\/a>, the researchers tested 17 popular\nsmartphones, including Samsung, Huawei, Apple and Google flagship phones. All\nbut two devices turned out to be susceptible to the attack, called SurfingAttack, which uses ultrasonic\nguided waves to elicit a reaction from the voice assistants.<\/p>\n\n\n\n

Although this research isn\u2019t the first to\ndemonstrate inaudible attacks in action, its predecessors such as DolphinAttack<\/a> or LipRead<\/a> focused on over-the-air transmission and one-way interaction.<\/p>\n\n\n\n

SurfingAttack, on the other hand, works over a solid medium and allows multi-round\ninteractions with the device, since smartphone voice assistants ask questions\nto specify their task and require answers to perform them.<\/p>\n\n\n\n

The researchers used four different\nrepresentative types of tables made from glass, metal, wood and plastic through\nwhich they tried to conduct the ultrasonic attacks. The attack was transmitted\nthrough a piezoelectric disc that was attached under the table, while the\ntargeted smartphone was positioned on the table.<\/p>\n\n\n\n

The whole exchange was also recorded by a\nhidden microphone to emulate how the whole attack would take place and how the\nbad actors would obtain the data.<\/p>\n\n\n\n

To illustrate what the attackers would be\nable to access, the research team took selfies, read out SMS messages and even\nperformed fraudulent calls using the phones. The access to text messages and\ncalls is especially worrying.<\/p>\n\n\n\n

For example, if you secure your accounts with two-factor authentication<\/a> (2FA) and use SMS messages to receive your authentication code, this\nattack could allow hackers to bypass that extra security layer and grant them\naccess to your online services of choice.<\/p>\n\n\n\n

The ne\u2019er-do-wells could also make your\nvoice assistant dial numbers that forward your call abroad or even to a collect\nnumber, racking up obscene charges in the process.<\/p>\n\n\n\n

Only Huawei\u2019s Mate 9 and Samsung\u2019s Galaxy\nNote 10+ didn\u2019t react to any of the prompts, but researchers theorized that it\nwas due to the design of the smartphones and the materials used to manufacture\nthem.<\/p>\n","protected":false},"excerpt":{"rendered":"

A group of US and Chinese researchers conducted a number of experiments, proving that under the right conditions the voice assistants on your smartphone could be fooled into spilling sensitive information or carrying out certain tasks.<\/p>\n","protected":false},"author":8,"featured_media":1398,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[9618,9716],"tags":[813,573,812,814,811,810,809],"contributor":[],"class_list":["post-1726","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-editors-pick","category-global-brands","tag-alexa","tag-eset","tag-google_assistant","tag-security_","tag-siri","tag-ultrasonic_waves","tag-voice_assistants"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2020\/02\/Amer-Owaida-Security-Writer-at-ESET-e1582620897336.jpg","author_info":{"display_name":"News Desk","author_link":"https:\/\/techxmedia.com\/en\/author\/rabab\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/1726","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=1726"}],"version-history":[{"count":0,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/1726\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/1398"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=1726"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=1726"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=1726"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=1726"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}