Understanding How Ultrasonic Wave Attacks Can Exploit Smartphone Voice Recognition
- Attackers can send commands to phones to make calls, take images, or read the contents of the victims' text messages.
- Ultrasonic waves can pass through solid surfaces, allowing attackers to perform a remote attack within a small radius.
Researchers found a security loophole in smartphone voice recognition systems that lets ultrasonic waves (inaudible to humans) activate Siri and Google Assistant.
According to research from Washington University in St. Louis, ultrasonic waves can propagate through solid surfaces to activate voice recognition systems in cell phones.
- Furthermore, with the addition of some cheap hardware, the attacker can also eavesdrop on the phone’s response.
- The attacker can send commands to phones to make calls, take images, or read the contents of texts from strangers—all without the phone owner’s awareness.
About the research
Humans can’t hear ultrasonic sound waves, but microphones can pick them up. As per Zhang, if one knows how to work with signals, they can get the phone to interpret the incoming sound waves as a spoken command.
- The research team set up a host of experiments on 17 different phone models including the iPhone, Galaxy, and Moto models.
- To test the ability of ultrasonic waves to transmit commands through solid surfaces, the researchers set up a couple of experiments that involved a phone placed on a table.
- Then they attached a microphone and a piezoelectric transducer (PZT), which converts electricity to ultrasonic waves, to the bottom of the table. To pass their commands, the researchers also hid a waveform generator under the table.
- The researchers first asked the virtual assistant to turn the phone volume down to level 3, which would be nearly inaudible to a victim in an office-like environment.
- Then, the team ran two tests: to retrieve an SMS (text) passcode and to make a fake call.
- For the first test, the researchers sent a “read my messages” command from an attack device to read a simulated bank passcode message sent to the target phone.
- The response was audible to a hidden microphone placed by the researchers, but not to the victim.
- In the second test, the attack device sent a command “call Sam with speakerphone.” The attacker could actually converse with “Sam,” once again using the hidden microphone placed under the table.
Ultrasonic waves made it through metal, glass, and wood during the experiments. Researchers also tested different table surfaces and phone configurations, even at distances as far as 30 feet. Ultrasonic wave attacks also worked on plastic tables, but not as reliably.
Precaution and other measures
Talking about the research, Ning Zhang, assistant professor of computer science and engineering at the McKelvey School of Engineering, said, “I feel like not enough attention is being given to the physics of our computing systems. This is going to be one of the keys in understanding attacks that propagate between these two worlds.”
- The team of experts suggested that the situation could be tackled if phones could differentiate between ultrasonic waves and genuine human voices in the signals they receive.
- The other way could be to change the layout of mobile phones, such as the placement of the microphone, to dampen or suppress ultrasound waves. This might stop a “surfing attack,” as coined by researchers for such attacks.
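One way to picture the first suggestion, as an added example that is not from the researchers or the original article: a detector that compares the energy a captured frame carries above the audible range with the energy in the speech band. The 96 kHz capture rate, the band edges, the 0.5 threshold and the test frames are all assumptions constructed for this illustration, and the check only works if the capture path preserves content above 20 kHz.

```python
import math

SAMPLE_RATE = 96_000           # assumed capture rate (Hz); must exceed 2x the top band edge
VOICE_BAND = (300, 3_400)      # assumed speech band (Hz)
ULTRA_BAND = (20_000, 40_000)  # assumed inaudible band to watch (Hz)

def goertzel_power(samples, freq, rate=SAMPLE_RATE):
    """Squared magnitude of one frequency component (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def band_energy(samples, band, step=100):
    """Sum the power of every `step`-Hz component inside `band`."""
    lo, hi = band
    return sum(goertzel_power(samples, f) for f in range(lo, hi + 1, step))

def ultrasonic_ratio(samples):
    """Fraction of the measured energy that lies above the audible range."""
    voice = band_energy(samples, VOICE_BAND)
    ultra = band_energy(samples, ULTRA_BAND)
    total = voice + ultra
    return ultra / total if total > 0 else 0.0  # silence counts as not ultrasonic

def classify(samples, threshold=0.5):
    """Flag a frame whose energy is mostly ultrasonic (threshold is an assumption)."""
    return "ultrasonic" if ultrasonic_ratio(samples) > threshold else "voice-band"

def tone_mix(tones, n=960):
    """Constructed test frame: sum of (freq_hz, amplitude) sines, 10 ms long."""
    return [sum(a * math.sin(2.0 * math.pi * f * i / SAMPLE_RATE) for f, a in tones)
            for i in range(n)]

if __name__ == "__main__":
    frames = {  # constructed inputs, not recordings
        "speech-like": tone_mix([(300, 1.0), (1200, 1.0), (2500, 1.0)]),
        "ultrasonic": tone_mix([(28_000, 1.0)]),
        "mixed": tone_mix([(1200, 1.0), (28_000, 2.0)]),
    }
    for name, frame in frames.items():
        print(f"{name:12s} ratio={ultrasonic_ratio(frame):.3f} -> {classify(frame)}")
```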
Zhang added that there’s another simple way to protect a phone from ultrasonic wave hacks: the interlayer-based defense. It uses a soft, woven fabric to increase the “impedance mismatch.” In simple words, putting the phone on a tablecloth could help safeguard the device against ultrasonic attacks to some extent.