Last Updated on 27/03/2023 by TheDigitalHacker
A new study has shown that inaudible ultrasound commands can be used to control voice assistants and other smart devices, without the knowledge of the user. This can lead to serious security breaches, such as theft of personal information, or even taking control of the device completely.
Who carried out the research?
The research, carried out by a group of researchers from the University of Illinois, showed that ultrasound frequencies above 20 kHz can be used to send commands to devices that have voice assistants, such as smartphones and smart speakers. These frequencies are beyond the range of human hearing and can be used to send commands that are not audible to the user.
The researchers demonstrated that they could use ultrasound to control a variety of devices, including a Google Home, a Nest Cam Indoor, and an iPhone 7. They were able to turn on/off the device, play music, and even place a call without any indication to the user that a command had been given.
The demo
The team also found that it was possible to embed these commands in music files and YouTube videos. This means that a user could unknowingly play a video or song that contained hidden commands that could control their device.
The possibility of potential abuse
The use of ultrasound frequencies in this way is not new, but this study highlights the potential for abuse. While manufacturers of voice assistants are constantly updating their security measures, it is difficult to completely eliminate the risk of attacks such as this.
It is important for users to be aware of the potential risks associated with their smart devices and to take appropriate measures to protect their personal information. This includes regularly updating the software on their devices, being cautious of the apps they download, and avoiding opening links or files from unknown sources.
As technology continues to evolve, it is important for users and manufacturers alike to prioritize security and ethical practices. This means not only staying up-to-date with the latest security measures but also considering the potential consequences of new technologies before they are widely adopted.
How Alexa/google assistant can be attacked?
- Attack through youtube videos plays sounds in the background
- Attack through a Website that plays sounds
- Zoom Meeting
Research URL: https://www.utsa.edu/today/2023/03/story/chen-nuit-research.html
