Cyber security news for all

More

    Hacker attacks on Google Assistant and Siri

    Voice assistants like Siri and Google Assistant can be both a curse and a blessing. For example, a curse is the possibility that someone controls your cell phone without your knowledge.

    Ultrasound Attack

    A team of scientists working at US universities tricked both Siri and the voice assistants from Google. For the attacks, they used directional ultrasonic waves that were inaudible to the human ear. They transferred them to a smartphone on which the digital helpers were active using a piezoelectric signal converter. In total, the researchers tested their method with almost 20 devices, including some iPhones and Samsung Galaxy.

    Microphones Are The Cause Of The Problem

    The scientists took advantage of a special technical feature of the microphones built into the smartphones. These contain a special membrane with which sound or light waves can be converted into commands. Only some devices, namely the Huawei Mate  and the Samsung Galaxy Note , did the attack on the voice assistants not work. The smart speakers from Google also proved to be not susceptible to such attacks, even though similar microphones are built into them.

    They were able to activate the voice assistants on almost all devices over a distance of up to ten meters using the ultrasound signals and to have commands executed. For example, they could make calls, take photos and even open and read a text message that contained the code for two-factor authorization. In addition, they previously muted the devices with an inaudible command.

    The target may have no idea that information is lost on their phone if they are not viewed directly. However, the team had to record the audio output from the phone to steal data and the sound would certainly point it out to anyone sitting near the phone. The solution was to tell the voice assistant to set the audio output to the minimum level. A sensitive microphone under the table could record the assistant’s answers without alerting people nearby.

    Recent Articles

    Hackers send malicious Azure Cloud apps to Microsoft

    Microsoft has banned some Azure Cloud applications from its cloud that the company identified as part of an attack infrastructure. Microsoft describes the approach...

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Maze leaks data on its own platform

    The Maze ransomware has been up to almost a year and a half. This week, security experts warned about the actions of the cyber...

    Emotet to spread the malware behind email archives

    If you find an attached pack to an email these days, you should be particularly careful: the highly developed malware Emotet could be lurking...

    500,000 Activision accounts have been leaked

    Activision has taken a position on the alleged leak. According to the publisher, there has never been a data leak. In some cases it is...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox