‘Surfing attack’ hacks Siri, Google with ultrasonic waves Researchers use ultrasound waves vibrating through tables to access cellphones https://source.wustl.edu/2020/02/surfing-attack-hacks-siri-google-with-ultrasonic-waves/
SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves https://surfingattack.github.io/papers/NDSS-surfingattack.pdf Abstract—With recent advances in artificial intelligence and natural language processing, voice has become a primary method for human-computer interaction. It has enabled game-changing new technologies in both commercial sectors and military sectors, such as Siri, Alexa, Google Assistant, and voice-controlled naval warships. Recently, researchers have demonstrated that these voice assistant systems are susceptible to signal injection at the inaudible frequencies. To date, most of the existing works focus primarily on delivering a single command via line-of-sight ultrasound speaker or extending the range of this attack via speaker array. However, besides air, sound waves also propagate through other materials where vibration is possible. In this work, we aim to understand the characteristics of this new genre of attack in the context of different transmission media. Furthermore, by leveraging the unique properties of acoustic transmission in solid materials, we design a new attack called SurfingAttack that would enable multiple rounds of interactions between the voice-controlled device and the attacker over a longer distance and without the need to be in line-of-sight. By completing the interaction loop of inaudible sound attack, SurfingAttack enables new attack scenarios, such as hijacking a mobile Short Message Service (SMS) passcode, making ghost fraud calls without owners’ knowledge, etc. To accomplish SurfingAttack, we have solved several major challenges. First, the signal has been specially designed to allow omni-directional transmission for performing effective attacks over a solid medium. Second, the new attack enables multi-round interaction without alerting the legitimate user at the scene, which is challenging since the device is designed to interact with users in physical proximity rather than sensors. To mitigate this newly discovered threat, we also provide discussions and experimental results on potential countermeasures to defend against this new threat. https://surfingattack.github.io/papers/NDSS-surfingattack.pdf
_______________________________________________ Medianews mailing list Medianews@etskywarn.net http://etskywarn.net/mailman/listinfo/medianews_etskywarn.net
