Cyber security news for all

More

    Hacker attacks on Google Assistant and Siri

    Voice assistants like Siri and Google Assistant can be both a curse and a blessing. For example, a curse is the possibility that someone controls your cell phone without your knowledge.

    Ultrasound Attack

    A team of scientists working at US universities tricked both Siri and the voice assistants from Google. For the attacks, they used directional ultrasonic waves that were inaudible to the human ear. They transferred them to a smartphone on which the digital helpers were active using a piezoelectric signal converter. In total, the researchers tested their method with almost 20 devices, including some iPhones and Samsung Galaxy.

    Microphones Are The Cause Of The Problem

    The scientists took advantage of a special technical feature of the microphones built into the smartphones. These contain a special membrane with which sound or light waves can be converted into commands. Only some devices, namely the Huawei Mate  and the Samsung Galaxy Note , did the attack on the voice assistants not work. The smart speakers from Google also proved to be not susceptible to such attacks, even though similar microphones are built into them.

    They were able to activate the voice assistants on almost all devices over a distance of up to ten meters using the ultrasound signals and to have commands executed. For example, they could make calls, take photos and even open and read a text message that contained the code for two-factor authorization. In addition, they previously muted the devices with an inaudible command.

    The target may have no idea that information is lost on their phone if they are not viewed directly. However, the team had to record the audio output from the phone to steal data and the sound would certainly point it out to anyone sitting near the phone. The solution was to tell the voice assistant to set the audio output to the minimum level. A sensitive microphone under the table could record the assistant’s answers without alerting people nearby.

    Recent Articles

    Russian Cybercriminal Behind “Cardplanet” Site Sentenced

    According to the United States Department of Justice, a Russian cybercriminal, Aleksey Burkov, 30—who operated Cardplanet site: a site that trafficked stolen card details—has...

    Hackers Used Malicious Docker Images to Mine Monero

    Researchers found malicious images on Docker Hub used for crypto mining. Palo Alto Networks' Unit  42, unraveled a crypto mining scheme which uses malicious Docker...

    NSA outlines requirements for secure collaboration services for US government telework

    The new National Security Agency (NSA) guidelines are a window of security for users. Everyone has been trying to return to their lives since...

    Cybercriminals threaten to sell off “scandalous” files swiped from Mariah Carey, Nicki Minaj, Puff Daddy’s legal eagles

    There's no escaping these cybercriminals. In a recent case of "cyber-extortion," threat actors known as REvil, are threatening to expose celebrity "dirt." These threat actors...

    Twitter apologises for exposed customers data

    In what is described as a "data security incident," sensitive details of Twitter's customers were exposed. Unlike other cases of a breach which are...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox