New ultrasonic hack can manipulate your digital assistant

Researchers are advising consumers about a new type of hack that has recently emerged. It involves the use of smart digital assistants like Google’s Alexa or Apple’s Siri. The hack called a “SurfingAttack” involves the use of ultrasonic guided waves that are unnoticeable to the human ear to communicate with the voice assistant using a device. It could target Ring services with door deadbolts attached or move the temperature dial on your thermostat.

A new hack called a SurfingAttack uses ultrasonic guided waves to communicate with a device through the voice assistant.

By @benjaminopowers https://t.co/KvgsVmtjMD

— CoinDesk (@CoinDesk) April 7, 2020

The hack enables interactions between the hacker and a voice-controlled device over long distances, even if the device is not in sight. The signals could even be transmitted through a solid surface, such as a table.

“Humans cannot hear anything, but the voice assistants will interpret these ultrasonic sounds as a voice command, and conduct certain operations because of it,” said Qiben Yan, an assistant professor at Michigan State University’s Secure and Intelligent Things Lab and a key investigator on the project. “Sending the commands to the voice assistance, we can basically control the voice assistant. There’s a lot of opportunities for this when people put their phones down on a table and leave them unattended.”

Yan stated that hackers could initiate conversations with the victim’s contacts, and if their devices are connected, possibly control home devices, lock or unlock doors and alter the thermostat. Such attacks could also affect two-factor authentication, by reading the security code sent through text message back to the hacker. 

Using a $5 off-the-shelf PZT transducer, a type of electroacoustic transducer, the researchers were able to successfully compromise a wide range of devices such as iPhone X, iPhone 6+, iPhone 5, Samsung S9, Samsung S7, Google Pixel 3, Google Pixel 2, among many others. It is believed that more devices could be at risk, including phones protected by silicone rubber phone cases.

There are a number of steps people can take in order to prevent such attacks from taking place. Disabling the voice assistance when your phone is locked, or ensuring your phone is on a covering such as a tablecloth, can stop the ultrasonic ways from affecting it. Using phone cases of uncommon materials like wood can also help.