ESET details how voice assistants can be hacked using ultrasonic waves

March 10, 2020

This could lead to fraudulent calls and messages if compromised.

Amer Owaida, a security writer at ESET recently compiled a report as to how voice assistants like Siri, Cortana, Alexa, and Google Assistant can now be hacked using ultrasonic waves. This means that you won’t even know that you’re being hacked since these waves are impossible to be seen or heard.

In the report, it was said that a group of US and Chinese researchers have conducted experiments to prove that the hack is possible in the right conditions. Once a voice assistant is fooled, it can read out private messages or even make fraudulent calls without you knowing.

An attack called SurfingAttack uses ultrasonic guided waves so it can elicit a reaction from the voice assistants. A total of 17 smartphones were tested that included popular models from Samsung, Apple, Huawei, and even Google. During the test, two smartphones were found to be susceptible to the hack.

Once the assistants were compromised the researchers then proceeded to take selfies along with sending and reading messages along with initiating phone calls, which the researcher said is especially worrying.

One scenario that Owaida highlighted is if you’re using two-factor authentication. The hack can allow the assistant to read out the SMS authentication message and potentially gain access to your account.

It is interesting to know that Huawei’s Mate 9 and the Samsung Galaxy Note 10+ were the ones that were resistant to hack thanks to the materials used to manufacture them.

A summary of the SurfingAttack vulnerability can be read here.

by Victor
Tech Enthusiast and Movie Buff.