Face Verification
Address Verification
Document Verification
Age Verification
Video KYC
Fast ID
eIDV
NFC Verification
Consent Verification
Business Verification
Due Diligence
Investor Verification
E-Signature
Behavioural Biometrics
Device Fingerprinting
MFA
AML Screening
Business AML Screening
User Risk Assessment
Transaction Screening
Adverse Media Screening
Identity Verification
KYC
KYB
KYI
Bonus Abuse
Fraud Prevention
Banking
Crypto
Fintech
Forex
Gaming
Gig Economy
Marketplace
Social Networks
Product Managers
Compliance Officers
Fraud Analyst
Global Trust Platform
Journey Builder
Content library
Blogs
News
Reports
Insights
Knowledgebase
ROI calculator
Blind Spot Audit
Deepfake Detection
Liveness Spoofs
Document Originality
Document Deepfake
Events & Webinar
Podcast Studio
Spotlight Studio
API Documentation
Mobile SDKs
Service Status
Help Center
Contact Us
Technical Support
Compliance
Supported Document
About
Career
Press Release
Certifications
Partnership
Awards
New ultrasonic hack can manipulate your digital assistant
Researchers are advising consumers about a new type of hack that has recently emerged. It involves the use of smart digital assistants like Google’s Alexa or Apple’s Siri. The hack called a “SurfingAttack” involves the use of ultrasonic guided waves that are unnoticeable to the human ear to communicate with the voice assistant using a device. It could target Ring services with door deadbolts attached or move the temperature dial on your thermostat.
A new hack called a SurfingAttack uses ultrasonic guided waves to communicate with a device through the voice assistant.
By @benjaminopowers https://t.co/KvgsVmtjMD
— CoinDesk (@CoinDesk) April 7, 2020
The hack enables interactions between the hacker and a voice-controlled device over long distances, even if the device is not in sight. The signals could even be transmitted through a solid surface, such as a table.
“Humans cannot hear anything, but the voice assistants will interpret these ultrasonic sounds as a voice command, and conduct certain operations because of it,” said Qiben Yan, an assistant professor at Michigan State University’s Secure and Intelligent Things Lab and a key investigator on the project. “Sending the commands to the voice assistance, we can basically control the voice assistant. There’s a lot of opportunities for this when people put their phones down on a table and leave them unattended.”
Yan stated that hackers could initiate conversations with the victim’s contacts, and if their devices are connected, possibly control home devices, lock or unlock doors and alter the thermostat. Such attacks could also affect two-factor authentication, by reading the security code sent through text message back to the hacker.
Using a $5 off-the-shelf PZT transducer, a type of electroacoustic transducer, the researchers were able to successfully compromise a wide range of devices such as iPhone X, iPhone 6+, iPhone 5, Samsung S9, Samsung S7, Google Pixel 3, Google Pixel 2, among many others. It is believed that more devices could be at risk, including phones protected by silicone rubber phone cases.
There are a number of steps people can take in order to prevent such attacks from taking place. Disabling the voice assistance when your phone is locked, or ensuring your phone is on a covering such as a tablecloth, can stop the ultrasonic ways from affecting it. Using phone cases of uncommon materials like wood can also help.
