Security researchers from Zhejiang University in China have figured out how to send voice commands, inaudible to humans, through ultrasound to confuse in-built speech recognition systems. The frequency has to be higher than 20 kHz so users don’t hear the commands.
The technique, called “DolphinAttack,” was validated on speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa, and 16 voice controllable systems including Apple iPhone, Google Nexus, Amazon Echo and automobiles.
“DolphinAttack voice commands, though totally inaudible and therefore imperceptible to humans, can be received by the audio hardware of devices, and correctly understood by speech recognition systems,” reads the paper.
The researchers tricked the systems into visiting a malicious website to spy on the user, by initiating outgoing video/phone calls, to inject fake information such as create meetings, send emails or post on social media, and cover up attacks by messing with the display brightness and volume.
If they inject inaudible voice commands to start a FaceTime call, switch a phone to airplane mode, play music on Amazon Echo or mess with the navigation system of an automobile, how easy would it be for hackers to ensure a security breach goes unnoticed?
The research raises some red flags, because similar attacks could be carried out against any device that uses voice recognition, such as wearables, IoT devices for the smart home or smart city, entertainment systems and the GPS function in smart cars.
It is vital that manufacturers pay more attention to the security of voice controllable systems from a software point of view, but better hardware is also necessary; for example inaudible voice command cancellation and microphone enhancement “to suppress any acoustic signals whose frequencies are in the ultrasound range,” the researchers advised.
tags
After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024