If you think your AI assistant just answers you, think twice! Is that researchers at the Faculty of Engineering at Michigan State University demonstrated a clever way to make smartphone assistants execute malicious commands issued by criminals, as reported on the Tech Xplore website. By using ultrasound frequencies inaudible to the human ear, scientists led assistants to obey his commands. It turns out that smartphone microphones can detect sounds far above human hearing, and these ultrasonic waves can activate Google Assistant and Siri.
Google Assistant and Siri are vulnerable to ultrasonic waves
What is even more alarming is that a similar vulnerability was discovered almost three years ago by a team at Zhejiang University. Through the use of simple hardware that costs about 3 Euros, Chinese scientists were able to transform voice commands into ultrasound and activate Siri and Alexa on various devices. At the time, they called this vulnerability DolphinAttack (since dolphins use ultrasound for navigation). At the time, the Michigan team used a piezoelectric element that converts electricity to ultrasound. However, the basic principle remains the same. These ultrasonic waves can be sent through hard surfaces like metal, wood or glass. The new method is called “SurfingAtttack”.
This vulnerability, if not addressed, could easily allow criminals to send different commands to your smartphone and perform various tasks. They can use Siri to call their friends, steal 2FA codes, cancel meetings or, in theory, even ask for money. Of course, if your smartphone is locked and you use fingerprints or FaceID for authentication, things are less dramatic. Researchers tested the SurfingAttack hack with 17 smartphone models and 15 of them were susceptible. Among them were four iPhones; the 5, 5s, 6 and X; the first three Google Pixel and the Samsung Galaxy S7 and S9.
It is really strange that the manufacturers have left this door open for so long. However, there is an easy way to protect against SurferAttack – according to the researchers. Simply place a soft material under your smartphone when you place it on hard surfaces in public to protect it from malicious ultrasonic influences.