A research team from Princeton University, and a separate research team at China's Zhejiang University, have both come to the same unnerving conclusion: It's possible to hack into voice-assistant-equipped devices, like a smartphone, a digital home assistant and even a car, by using ultrasonic commands that the human ear can't detect—but that Siri, Alexa and Google Now can, and which they'll obey.
"We show that the [attacker can] play well-designed inaudible ultrasounds to cause the microphone to record normal voice commands, and thus control the victim [sic] device inconspicuously," reads the Princeton research paper. "We demonstrate via end-to-end real-world experiments that our inaudible voice commands can attack an Android phone and an Amazon Echo device with high success rates at a range of 2-3 meters."
The team from Zhejiang University, too, discovered [PDF] that if they transmitted voice commands above the 20kHz human threshold of hearing, from a distance of under two meters they were able to successfully manipulate "popular speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa. [We also succeeded in] manipulating the navigation system in an Audi automobile."
The ZU team calls their method DolphinAttack, and here's what it looks like in action:
To illustrate, we show that DolphinAttack can achieve the following sneaky attacks purely by a sequence of inaudible voice commands:
(1) Visiting a malicious website. The device can open a malicious website, which can launch a drive-by-download attack or exploit a device with 0-day vulnerabilities.
(2) Spying. An adversary can make the victim device initiate outgoing video/phone calls, therefore getting access to the image/sound of device surroundings.
(3) Injecting fake information. An adversary may instruct the victim [sic] device to send fake text messages and emails, to publish fake online posts, to add fake events to a calendar, etc.
(4) Denial of service. An adversary may inject commands to turn on the airplane mode, disconnecting all wireless communications.
(5) Concealing attacks. The screen display and voice feedback may expose the attacks. The adversary may decrease the odds by dimming the screen and lowering the volume.
There are two very obvious fixes. The first is that manufacturers of digital assistants ought to release patches that have the microphones ignore or filter out ultrasonic frequencies. This is feasible but rather boring.
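To make the boring fix concrete, here is an added example (my own code, not from either research team) of a front-end gate that measures how much of a captured clip's energy sits above the 20 kHz hearing threshold and refuses to forward mostly-ultrasonic audio to the recognizer; the 96 kHz capture rate, the 20% rejection threshold and the synthetic 440 Hz / 25 kHz test tones are all assumptions.

```python
import math

SAMPLE_RATE = 96_000          # Hz, assumed capture rate (must exceed 2x the band inspected)
AUDIBLE_CUTOFF = 20_000       # Hz, the human hearing threshold cited in the article
ULTRASONIC_RATIO_LIMIT = 0.2  # assumed policy: reject clips with >20% inaudible energy

def lowpass_fir(cutoff_hz, sample_rate, taps=101):
    """Windowed-sinc (Hamming) low-pass kernel, normalised to unity gain at DC."""
    fc, m = cutoff_hz / sample_rate, taps - 1
    h = []
    for n in range(taps):
        k = n - m / 2
        sinc = 2 * fc if k == 0 else math.sin(2 * math.pi * fc * k) / (math.pi * k)
        h.append(sinc * (0.54 - 0.46 * math.cos(2 * math.pi * n / m)))
    gain = sum(h)
    return [v / gain for v in h]

def filtered(x, h):
    """Convolve x with kernel h (zero-padded at the edges) and remove the group delay."""
    d = len(h) // 2
    return [sum(hv * x[i + d - j] for j, hv in enumerate(h) if 0 <= i + d - j < len(x))
            for i in range(len(x))]

def ultrasonic_ratio(samples, sample_rate=SAMPLE_RATE):
    """Share of the clip's energy lying above the audible cutoff (0.0 .. ~1.0)."""
    total = sum(v * v for v in samples)
    if total == 0:
        return 0.0
    audible = filtered(samples, lowpass_fir(AUDIBLE_CUTOFF, sample_rate))
    return sum((v - a) ** 2 for v, a in zip(samples, audible)) / total

def accept_for_recognition(samples, sample_rate=SAMPLE_RATE):
    """Gate in front of the recognizer: None if the clip is mostly ultrasonic,
    otherwise only its audible part is passed on."""
    if ultrasonic_ratio(samples, sample_rate) > ULTRASONIC_RATIO_LIMIT:
        return None
    return filtered(samples, lowpass_fir(AUDIBLE_CUTOFF, sample_rate))

def tone(freq_hz, n, amp=1.0, sample_rate=SAMPLE_RATE):
    """Constructed test signal: a pure sine at freq_hz."""
    return [amp * math.sin(2 * math.pi * freq_hz * i / sample_rate) for i in range(n)]

def demo_clips(n=2048):
    """Constructed stand-ins: an audible command (440 Hz), an inaudible one
    (25 kHz) and an equal-amplitude mix of the two."""
    audible, inaudible = tone(440, n), tone(25_000, n)
    return audible, inaudible, [a + u for a, u in zip(audible, inaudible)]
```

Since the Princeton quote says the ultrasound causes the microphone itself to record a normal-sounding command, a digital filter like this only helps if the ultrasonic component is still present in the captured samples; filtering ahead of the microphone is the more robust form of the same fix.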
The second potential fix, which we endorse, is for manufacturers to acquire and distribute, free of charge to consumers, Egyptian fruit bats.
We could carry these bats around with us, always keeping them near our smartphones, and they'd be specially trained to shriek and flap their wings to draw your attention anytime an ultrasonic voice command came in.
It might seem inconvenient to carry a bat around, but look, if it's either live with the bat or deal with a bricked phone, which are you going to choose?
Plus they're pretty cute.