Announcement

Collapse
No announcement yet.

Closing the binders won't save you - using ultrasonic sounds to hack phones

Collapse
X
Collapse
  •  

  • Closing the binders won't save you - using ultrasonic sounds to hack phones










    First tested in 2017, researches have further investigated the usage of ultrasonic sounds to compromise mobile phone functions.




    Quote





    Voice assistants allow smartphone users to snap a photograph or send a text with a spoken command. Yet they also potentially let hackers do the same things by bombarding the device’s microphone with ultrasonic waves (sounds with frequencies higher than humans can hear). Researchers have previously demonstrated how they could trick a phone by sending these waves through the air, but the approach required proximity to the victim and was easily disrupted by nearby objects. Now a new technique called SurfingAttack can send ultrasonic waves through solid objects. It could enable potential snoops to avoid obstacles and perform more invasive tasks—including stealing text messages and making calls from a stranger’s phone. To test this method, researchers hid a remotely controllable attack device on the underside of a metal tabletop, where it could send ultrasonic waves through the table to trigger a phone lying flat on its surface. “We are using solid materials to transmit these ultrasonic waves,” says Qiben Yan, a computer scientist at Michigan State University. “We can activate your voice assistant placed on the tabletop, read your private messages, extract authentication pass codes from your phone or even call your friends.” The experiment, described in a paper presented at the 2020 Network and Distributed System Security Symposium (NDSS) in February, worked on 17 popular smartphone models, including ones manufactured by Apple, Google, Samsung, Motorola, Xiaomi and Huawei. Voice assistants typically pick up audible commands through the microphone on a smart speaker or cellular device. A few years ago, researchers discovered that they could modulate voice commands to the ultrasonic frequency range. Though inaudible to humans, these signals could still work with a device’s speech-recognition system. One ultrasonic hack, presented at a computer security conference in 2017, used these “silent” commands to make Apple’s assistant Siri start a FaceTime call and to tell Google Now to activate a phone’s airplane mode. That kind of intrusion relied on a speaker placed at a maximum of five feet from the victim’s device, but a later ultrasonic technique presented at a networking conference in 2018 increased the distance to about 25 feet. Still, all of these techniques sent their signals through the air, which has two drawbacks: It requires visibly conspicuous speakers or speaker arrays. And any objects that come between the signal source and target device can disrupt the attack.




     




    Sending ultrasonic vibrations through solid objects allows SurfingAttack to avoid these issues. “The environment is affecting our attack a lot less effectively, in our scenario, than in previous work that’s over the air,” says Ning Zhang, a computer scientist at Washington University in St. Louis. With airborne ultrasonic waves, “if somebody walks by, say in the airport or coffee shop, that signal would be blocked—versus, for our attack, it doesn’t matter how many things are placed on the table.” In addition, the researchers note, their method is less visible and consumes less power than an air-based speaker because its ultrasonic waves emanate from a small device that sticks to the bottom of a table. Yan estimates it could cost less than $100 to build. Another feature of SurfingAttack is that it can both send and receive ultrasonic signals. This arrangement lets it extract information—such as text messages—in addition to ordering the phone to perform tasks. “I think it’s a really intriguing paper, because now [such hacking] doesn’t need in-air propagation of the signals,” says Nirupam Roy, an assistant professor of computer science at the University of Maryland, College Park, who did not contribute to the new study. He also praises the measures the researchers took to ensure that as the ultrasonic signal moved through the tabletop, the material did not produce any noises that might alert the phone’s owner. “Any vibrating surface, even the signal that is flowing through the solid, can leak out some audible signal in the air. So they have shown some techniques to minimize that audible leakage and to keep it really inaudible to the [phone’s] user.”




     




    To avoid falling prey to bad actors, the researchers suggest phone owners could limit the access they give their AI assistants. What an attacker can do “really depends on how much the user is depending on the voice assistant to perform day-to-day activities,” Zhang says. “So if you give your Siri access to your artificial pancreas to inject insulin, then [you’re in] big trouble, because we can ask it to inject a ridiculous amount of insulin. But if you’re a more cautious person and say, ‘Hey, I only want Siri to be able to ask questions from the Internet and tell me jokes,’ then it’s not a big deal.”






    Source: https://www.scientificamerican.com/a...solid-objects/




    https://securityaffairs.co/wordpress...technique.html




    Thoughts: It does sounds worrying, but I don't even use any form of voice assistants at all so I think I have some protections. 




    More...
      Posting comments is disabled.

    Categories

    Collapse

    Article Tags

    Collapse

    Latest Articles

    Collapse

    • Once labelled a mental disorder, WHO now recommends playing games amid coronavirus outbreak
      by Dudicrous
      WHO have put together a #PlayApartTogether campaign which encourages self-isolation, social distancing, and of course, gaming. To push this campaign WHO has enlisted the help of the CEO of Activision Blizzard and the CEO of Riot Games

       




      Quote





      First, eat a health and nutritious diet, which helps your immune system to function properly. 




      Second, limit your alcohol
      ...
      03-31-2020, 04:00 AM
    • First step to self-awareness - Google AI designs its own chip
      by Dudicrous





      Google's own Artificial intelligence has managed to create it's own Tensor processor after less than a day of training.




      Quote





      Ideally you want a chip that’s optimized to do today’s AI, not the AI of two to five years ago. Google’s solution: have an AI design the AI chip. “We believe that it is AI itself that will provide the means to shorten the chip design cycle, creating
      ...
      03-30-2020, 06:16 AM
    • Virus or not, hand in your homework - Github launchers teaching tools for schools
      by Dudicrous
      Github's teaching tools are now globally available, allowing schools to manage computing students easier.




      Quote





      GitHub  today announced new features for GitHub Classroom, its collection of tools for helping computer science teachers assign and evaluate coding exercises, as well as a new set of free tools for teachers. The first of these is autograding, which does exactly what the name promises. Teachers can now
      ...
      03-30-2020, 04:50 AM
    • China & Huawei propose reinvention of the internet
      by Dudicrous
      Summary:

      Huawei, along with the state-run companies China Unicom and China Telecom, and China's Ministry of Industry and Information Technology, together proposed a new standard for networking technology, called "New IP", at the UN's International Telecommunication Union. The proposal claims to enable cutting-edge technologies, but has caused concern among western countries, such as the UK, Sweden, and the US, who believe that the system would give state-run ISPs granular...
      03-30-2020, 04:47 AM
    • A different kind of Processor Exploit - AMD an XBox Source Code Stolen
      by Dudicrous
      Sources:

      AMD Press Release




      Tom's Hardware (Quote Source)




      TheNextWeb




       




      Summary:

      The source code for the next few AMD GPUs (including the upcoming XBox GPU) have been leaked and hackers are demanding $100,000,000 for a copy




       




      Media:



      ...
      03-28-2020, 05:26 AM
    • Time to SET It down - distributed computer project ends after 21 years
      by Dudicrous
      While everyone is focused running folding @home, another computing project has finally ended after years of running.




      Quote





      SETI@home has announced that they will no longer be distributing new work to clients starting on March 31st as they have enough data and want to focus on completing their back-end analysis of the data.




      SETI@home is a distributed computing project where
      ...
      03-27-2020, 06:31 PM
    Working...
    X