Posted on 09/07/2017 11:15:12 AM PDT by BenLurkin
Did you hear that? You might not have, but Alexa did. Voice assistants have been successfully hijacked using sounds above the range of human hearing. Once in, hackers were able to make phone calls, post on social media and disconnect wireless services, among other things.
Assistants falling for the ploy included Amazon Alexa, Apple’s Siri, Google Now, Samsung S Voice, Microsoft Cortana and Huawei HiVoice, as well as some voice control systems used in cars.
The hack was created by Guoming Zhang, Chen Yan and their team at Zhejiang University in China. Using ultrasound, an inaudible command can be used to wake the assistant, giving the attacker control of the speaker, smartphone or other device, as well as access to any connected systems.
...
The attack works by converting the usual wake-up commands – “OK Google” or “Hey Siri” – into high-pitch analogues. When a voice assistant hears these sounds, they still recognise them as legitimate commands, even though they are imperceptible to the human ear.
The team was then able to open a malicious website to download malware and start a video or voice call to spy on its surroundings. Additionally, they could send text messages and publish posts online.
(Excerpt) Read more at newscientist.com ...
Maybe another reason not to be the first on your block to have the newest app?
How about not having a "smart" phone to start with?
airgapping!
this is why server racks don’t (or shouldn’t) have microphones.
I'm a curmudgeon. I will most definitely be the last on my block, and I still won't have one.
Bkmk
So if my dog perks his ears and my phone lights up....
This begs the question of why on earth would you digitize the microphone at a high enough rate to faithfully record ultrasound???? Can’t you implement a low pass filter in the mic or in electronic analog? If not, it’s quite easy - as I personally learned forty five years ago - to do digitally.Defense against this sort of attack is just too easy.
Alexa, listen carefully.
Everything I say is a lie.
I am lying.
Obviously a design defect , they should be limited to listening to the normal range of human voice ,, or even a reduced range like the phone system. You’d think they’d use a cheap microphone that can’t go above 3.5khz.
Have you noticed that when you walk into a cell store, everything is a smart phone now?
Can’t even get a device to make calls without opening yourself up to vulnerabilities. What a world we live in. Send in the <:0)
Pinging dayglored, ThunderSleeps, and ShadowAce for their ping lists.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
You say you are lying, but if everything you say is a lie, then you are telling the truth, but you cannot tell the truth because everything you say is a lie, but you lie... You tell the truth but you cannot for you lie... illogical! Illogical! Please explain! You are human. Only humans can explain their behavior! Please explain!
This is also a "local" exploit, requiring the hacker to be close to the target device. It is also a general attack that cannot single out specific user's device from among all others in the area unless the device is isolated. If the attackers is close enough to attack the device, he's already close enough to eavesdrop on any conversation the target may be engaged in having. In addition, texting using this technique would require zero ambient background conversation to override the intended text. In other words, this sounds like a neat, but extremely impractical, trick hack to accomplish anything malicious.
My question is why anyone would digitize voice microphone data in such a way as to be sensitive to ultrasound?Even if they want to use a microphone which happens to be sensitive to those frequencies, they need to low pass filter the output as a first step to getting good-quality digital data. If they don’t do it analog - which in this day and age might not be cheap in context - it is trivial to do it digitally. This should never be a problem.
Is that you, Spock?
But think about this - these same devices are being used to record HD or even UHD video - I'm sure folks recording such would want super-low fidelity audio to go with the high-quality visual....
I haven’t used half the bells and whistles on my no-text basic flip phone.
I use a very-high tech system to prevent spies from enabling my laptops and ipads from video recording me - Post-It notes taped over the camera lenses. When I'm walking around the house half-naked I don't want to cause a spy to have a heart attack. As for audio, it's just anti-liberal rants and no one wants to listen to that.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.