Security News > 2020 > March > Siri and Google Assistant hacked in new ultrasonic attack

Siri and Google Assistant hacked in new ultrasonic attack
2020-03-02 13:07

Dubbed SurfingAttack by a US-Chinese university team, this is no parlor trick and is based on the ability to remotely control voice assistants using inaudible ultrasonic waves.

Voice assistants - the demo targeted Siri, Google Assistant, and Bixby - are designed to respond when they detect the owner's voice after noticing a trigger phrase such as 'Ok, Google'.

As explained in a video showcasing the method, a remote laptop generates voice commands using text-to-speech Module to produce simulated voice commands which are then transmitted to the disc using Wi-Fi or Bluetooth.

In theory, voice assistants should only respond to the owner's voice, but these can now be cloned using machine learning software such as Lyrebird, as was the case in this test.

SurfingAttack was inspired by the 2017 DolphinAttack proof-of-concept, which showed how voice assistants could be hijacked by ultrasonic commands.


News URL

https://nakedsecurity.sophos.com/2020/03/02/siri-and-google-assistant-hacked-in-new-ultrasonic-attack/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 994 4924 2873 1623 10414