Digital Home Assistants Vulnerable To Secret Ultrasound Commands

Scientists from China’s Zheijiang University have published new research that demonstrates how voice-activated digital home assistants can be controlled using secret ultrasound commands. The researchers tested 16 voice control systems, including Siri, Google Now, Samsung S Voice, Cortana, Alexa, and some in-car interfaces. The commands were successful across the board, even though the humans couldn’t hear the communication happening.

The portable attack method required an amplifier, ultrasonic transducer, and battery. The researchers created a program that translated normal voice commands into frequencies above 20kHz, too high for humans to hear. Then, they tested whether those commands would be obeyed by the voice control systems.

The researchers were consistently able to issue commands to a number of devices in different languages. According to the researchers, they were successful at “activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile.” The researchers found that the only device tested that was resistant to the attack was the iPhone 6 Plus.

This provides a new method of attack for hackers. Hackers could use the inaudible commands to target phones, tablets, and cars. The researchers wrote, “An adversary can upload an audio or video clip in which the voice commands are embedded in a website, eg, YouTube. When the audio or video is played by the victims’ devices, the surrounding voice-controllable systems such as Google Home assistant, Alexa, and mobile phones may be triggered unconsciously.”

This possibility has been suggested before. Using ultrasound as form of digital communication is quite common. Advertisers regularly broadcast ultrasonic codes in TV commercials that track a user’s activity across devices. Manufacturers may want to look into this sort of hack as it would be pretty easy to implement a fix. The hardware or software could simply be modified to ignore commands outside a certain frequency range.

The new research is certainly an impressive proof of concept. However, there are some limitations to the method that would make it impractical to widespread use. For a device to pick up an ultrasonic voice command, the attacker needs to be no more than a few feet away and must be operating in a quiet location. The researchers also had to buy a special speaker to broadcast the commands.