Voice assistants like Siri and Google Assistant can be both a curse and a blessing. For example, a curse is the possibility that someone controls your cell phone without your knowledge.
Ultrasound Attack
A team of scientists working at US universities tricked both Siri and the voice assistants from Google. For the attacks, they used directional ultrasonic waves that were inaudible to the human ear. They transferred them to a smartphone on which the digital helpers were active using a piezoelectric signal converter. In total, the researchers tested their method with almost 20 devices, including some iPhones and Samsung Galaxy.
Microphones Are The Cause Of The Problem
The scientists took advantage of a special technical feature of the microphones built into the smartphones. These contain a special membrane with which sound or light waves can be converted into commands. Only some devices, namely the Huawei Mate and the Samsung Galaxy Note , did the attack on the voice assistants not work. The smart speakers from Google also proved to be not susceptible to such attacks, even though similar microphones are built into them.
They were able to activate the voice assistants on almost all devices over a distance of up to ten meters using the ultrasound signals and to have commands executed. For example, they could make calls, take photos and even open and read a text message that contained the code for two-factor authorization. In addition, they previously muted the devices with an inaudible command.
The target may have no idea that information is lost on their phone if they are not viewed directly. However, the team had to record the audio output from the phone to steal data and the sound would certainly point it out to anyone sitting near the phone. The solution was to tell the voice assistant to set the audio output to the minimum level. A sensitive microphone under the table could record the assistant’s answers without alerting people nearby.
