Voice Activation

Voice AI Devices Vulnerable To Ultrasound Hacks

Amazon's Fire TV Gets Better Echo Controls

Scientists have discovered that Siri, Amazon’s Alexa and other voice assistant programs can be controlled using inaudible ultrasound commands.

The Verge reported news that researchers at China’s Zheijiang University have found that these inaudible commands can be a new cyberattack method for hackers targeting phones, tablets and even cars.

To prove their theory, researchers created a program to translate normal voice commands into frequencies too high for humans to hear using harmonics. They called the method “DolphinAttack,” because dolphins use high-pitch noises bounced off their surroundings as a form of echolocation.

They tested whether the voice commands would be obeyed by 16 voice assistant systems, including Apple’s Siri, Google Home’s Google Now, Samsung S Voice, Microsoft’s Cortana, Amazon’s Alexa and a number of in-car interfaces — and was successful across the board in issuing a number of commands, including “activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode and even manipulating the navigation system in an Audi automobile.”

The researchers also explained that the ultrasound method could be used for malicious cyberattacks, such as instructing a device to visit a website which would download a virus or exploit or initiating outgoing phone calls to spy on a victim.

The good news is that the news hacking technique has a number of limitations, so it probably won’t cause much damage. For example, in order to work, the attacker needs to be no more than a few feet away and in a fairly quiet environment.

In addition, since almost all digital assistant systems respond audibly to any voice commands, it’s unlikely that a hacker could gain control of your phone without you noticing. And to perform more malicious commands — like telling a device to visit a certain website or sending money to someone — you usually have to unlock your device or confirm the instruction.

Researchers also explained that to avoid these issues, the hardware or software can be changed to ignore commands outside a certain frequency range.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.