You know how you can set up your digital assistant apps to spring into action when you mention certain keywords? For Microsoft’s digital assistant those keywords would be ‘Hey Cortana.’ Apple’s would be ‘Hey Siri, ’ and for Google Now is ‘Okay Google.’
Well, a security research firm in China has unearthed a loop hole that hackers could exploit to access your device using these voice activated digital assistants. The hackers use a high pitched sound that is inaudible to the human ear but is recognizable by the electronic microphones. They are then able to hack your device using voice prompts that are undetectable to the human ears.
That is to say; they can silently talk to your device, using the digital assistant to do their bidding. This hack apparently works in all the major virtual assistant applications; Cortana, Siri, and Google Now among others.
The security research team, from the Zhejiang University, describe this silent audio hack as the DolphinAttack [PDF]. The researchers say:
The DolphinAttack voice commands, though totally inaudible and therefore imperceptible to humans, can be received by the audio hardware of devices, and correctly understood by speech recognition systems. We validated DolphinAttack on major speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana, and Alexa.
The research team successfully executed a number of voice-prompts commands including wake phrases like ‘Ok Google’ to multiple words requests like ‘unlock the back door.’
Naturally different phones and different digital assistants had a varying degree of success rates, but none was hacked by the silent voice from a distance of more than 5 feet away.
Think about what the silent humming sound could do to your smart home device, phone, or computer
It has become apparent that the next frontier for big tech companies is digital assistant applications. You can gather this from the arms race the companies are currently embroiled in; with company’s such as Samsung and Huawei also joining the bandwagon.
When you think about sitting at home watching TV, then a hacker hiding in your front yard orders your Alexa (or any digital assistant you are using) to open doors to your home. They could first start by requesting the digital assistant shut the lights outside and inside the house, then ambush you in total darkness.
While, that might sound like something from a sci-fi movie, but make no doubt it could soon be a reality. Unless of course, the tech companies currently developing these technologies issue a firmware update to limit the electronics speakers to detecting just sounds within the wavelength audible to the human ear.
Must Read: Fingerprint Biometric Security Can Be Bypassed Using High-Resolution Pictures