Siri, Alexa Susceptible to Ultrasonic Voice Commands

1 minute read
| News

Apparently Siri, Alexa, and other voice assistants are susceptible to hacks from bats and dolphins—or maybe just hackers that know how to use ultrasonic frequencies. Researchers found voice assistants are more than happy to respond to spoken commands coming from ultrasonic transmitters, which means hackers could literally tell your phone to do something without you hearing the commands.

iPhone and bug

Voice assistants can respond to spoken commands outside of human hearing range

Researchers found (PDF) they could record voice commands and run them through an ultrasonic transducer so humans couldn’t hear what was being said but smartphones still could. They were able to issue commands to call phone numbers, open websites, and even control smarthome devices.

They’re calling the threat DolphinAttack. While it seems particularly nefarious, there are limitations to what it can do. The attack presumes your smartphone is already unlocked, for example, and it doesn’t work if the hacker is more than six feet away from your phone.

The security threat was tested successfully on Siri, Alexa, Cortana, Google Now, Samsung’s S Voice, and Huawei’s HiVoice. So far DolphinAttack is just a proof of concept.

The threat works because the microphones in our smartphones, tablets, and voice assistant appliances can pick up ultrasonic sound even though we can’t hear it. The fix, apparently, is for device makers to release updates that stop devices from listening to frequencies above 20 kHz, or at least to disregard any spoken commands above that frequency.

Since this isn’t an attack that’s currently in the wild it doesn’t pose a major threat, but it’s likely we’ll see updates to the popular voice command platforms to block it. Until then, watch to see if your iPhone starts showing where to find high concentrations of flying bugs or schools of fish because you just can’t trust those bats and dolphins.

2
Leave a Reply

Please Login to comment
2 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
2 Comment authors
wab95Lee Dronick Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
wab95
Member
wab95

Jeff: I always knew there was something fishy about dolphins. Their cutesy demeanour is just a façade. And don’t even get me started on bats. Any creature that sleeps upside down is not to be trusted. This means that all smart phone users need to be sure to keep their phones locked when at Sea World and around bat caves. In all seriousness, as limited a threat as this seems, it is useful to put this knowledge out there for the community, if for no other reason than to motivate the industry to neutralise it. One should never underestimate the… Read more »

Lee Dronick
Member
Lee Dronick

Remember Steve Jobs and Woz with their blue box phone dialer?