Researchers Hack Voice Assistants Using Inaudible Frequencies

Mark Wilson, writing for Fast Company:

Using a technique called the DolphinAttack, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants. This relatively simple translation process lets them take control of gadgets with just a few words uttered in frequencies none of us can hear. […]

An intruder who wanted to “open the backdoor” would already need to be inside your home, close to your Echo. But hacking an iPhone seems like no problem at all. A hacker would nearly need to walk by you in a crowd. They’d have their phone out, playing a command in frequencies you wouldn’t hear, and you’d have your own phone dangling in your hand. So maybe you wouldn’t see as Safari or Chrome loaded a site, the site ran code to install malware, and the contents and communications of your phone were open season for them to explore.

It’s a clever hack, and something Apple, Amazon, Google, et al ought to address. But if you have a passcode on your iPhone (and you should), Siri won’t open websites while locked. It will place phone calls, though.

Friday, 8 September 2017