skip to Main Content
bitcoin
Bitcoin (BTC) $ 98,463.38 0.04%
ethereum
Ethereum (ETH) $ 3,363.47 0.77%
tether
Tether (USDT) $ 1.00 0.00%
solana
Solana (SOL) $ 258.25 0.10%
bnb
BNB (BNB) $ 666.21 6.01%
xrp
XRP (XRP) $ 1.53 10.03%
dogecoin
Dogecoin (DOGE) $ 0.470387 21.55%
usd-coin
USDC (USDC) $ 0.999616 0.03%
cardano
Cardano (ADA) $ 1.08 25.31%
staked-ether
Lido Staked Ether (STETH) $ 3,363.13 0.75%

A New Ultrasonic Hack Can Exploit Your Siri

https://www.shutterstock.com/image-photo/bangkok-thailand-january-31-2019-iphone-1300829641?src=C1OthJ3lBCeQfWIW2_SOFA-1-5&studio=1

Researchers are sounding the alarm about a new type of hack focused on smart digital assistants like the Amazon Alexa or Apple’s Siri.

The hack, called a “SurfingAttack,” uses ultrasonic guided waves that are imperceptible to the human ear to communicate with a device through the voice assistant. It could be used to target Ring services with door deadbolts attached or move the temperature dial on your thermostat.

Security researchers who developed the attack say it enables multiple rounds of interactions between a voice-controlled device and attackers over relatively long distances and without the need for the device to be within sight. It could even be conducted through a heavy surface, like a table.

“Humans cannot hear anything, but the voice assistants will interpret these ultrasonic sounds as a voice command, and conduct certain operations because of it,” said Qiben Yan, an assistant professor at Michigan State University’s Secure and Intelligent Things Lab, who was the lead investigator on the project. “Sending the commands to the voice assistance, we can basically control the voice assistant. There’s a lot of opportunities for this when people put their phones down on a table and leave them unattended.”

Yan said hackers could launch conversations with a victim’s contacts, and depending on how connected their devices are, potentially control home devices, lock or unlock a car or front door, or alter the thermometer. Such attacks could also impact two factor authentication, by reading the security code sent via text back to the hacker. 

Using a $5 off-the-shelf  PZT transducer, a type of electroacoustic transducer, the researchers were able to successfully compromise the following devices. 

screen-shot-2020-04-07-at-1-46-20-pm
Table of phones that researchers compromised.

They believe that more devices could be vulnerable, including  phones protected by silicone rubber phone cases. 

There are steps people can take to prevent such attacks though. Disabling the voice assistance when your phone is locked, or making sure your phone is on a covering such as a tablecloth, can stop the ultrasonic ways from affecting it. Using phone cases of uncommon materials like wood can also help. 

Disclosure Read More

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top