Voice Activation

Voice AI Devices Vulnerable To Ultrasound Hacks

Amazon's Fire TV Gets Better Echo Controls

Scientists have discovered that Siri, Amazon’s Alexa and other voice assistant programs can be controlled using inaudible ultrasound commands.

The Verge reported news that researchers at China’s Zheijiang University have found that these inaudible commands can be a new cyberattack method for hackers targeting phones, tablets and even cars.

To prove their theory, researchers created a program to translate normal voice commands into frequencies too high for humans to hear using harmonics. They called the method “DolphinAttack,” because dolphins use high-pitch noises bounced off their surroundings as a form of echolocation.

They tested whether the voice commands would be obeyed by 16 voice assistant systems, including Apple’s Siri, Google Home’s Google Now, Samsung S Voice, Microsoft’s Cortana, Amazon’s Alexa and a number of in-car interfaces — and was successful across the board in issuing a number of commands, including “activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode and even manipulating the navigation system in an Audi automobile.”

The researchers also explained that the ultrasound method could be used for malicious cyberattacks, such as instructing a device to visit a website which would download a virus or exploit or initiating outgoing phone calls to spy on a victim.

The good news is that the news hacking technique has a number of limitations, so it probably won’t cause much damage. For example, in order to work, the attacker needs to be no more than a few feet away and in a fairly quiet environment.

In addition, since almost all digital assistant systems respond audibly to any voice commands, it’s unlikely that a hacker could gain control of your phone without you noticing. And to perform more malicious commands — like telling a device to visit a certain website or sending money to someone — you usually have to unlock your device or confirm the instruction.

Researchers also explained that to avoid these issues, the hardware or software can be changed to ignore commands outside a certain frequency range.


Latest Insights: 

Facebook is a giant in the ad game, with 2.3 billion active monthly users and $16.6 billion in quarterly advertising revenue. However, its omnipresence makes it a honeypot for fraudsters. In this month’s Digital Fraud Report, PYMNTS talks with Rob Leathern, Facebook’s director of product management, on how the site deploys automated systems and thorough advertiser vetting to close the lid on fraudster attempts.


To Top