Voice-activated digital assistants have become one of the more pervasive technologies in the world, found on nearly every smartphone, with Apple Inc.'s (NASDAQ: AAPL) Siri being one of the most well-known.
Once restricted to phones, these virtual helpers can now be found on a wide variety of devices. Smart speakers like Amazon.com's (NASDAQ: AMZN) Echo and Alphabet Inc.'s (NASDAQ: GOOGL) (NASDAQ: GOOG) Google Home top the list. The technology is present in many home computers via Microsoft's (NASDAQ: MSFT) Cortana, and in an increasing number of cars, like the Audi (NASDAQOTH: AUDVF) Q3 with voice commands.
But hackers are hard at work trying to gain the upper hand in any computer technology, and voice control is high on their hit list.
Hackers can now hijack voice-controlled devices. Image source: Getty Images.
The silent attack
While many methods employed by hackers require a user to make some error in judgement, like clicking a malicious link in a seemingly legitimate email, these latest attacks can be accomplished without any misstep from the user.
Researchers from China's Zhejiang University have reportedly discovered a way to hijack the most widely used voice-controlled devices using ultrasonic frequencies that are inaudible to human hearing, but can be detected by the microphones on your smartphone and other devices. Deploying a technique they called a "DolphinAttack," the team translated some of the most-used human voice commands into high frequencies -- above 20 kHz -- and then aimed them at smartphones, tablets, smart speakers, and even some in-car interfaces.
In their recently published study, the researchers tested voice control agents from some of the biggest names in technology, testing 16 in all. Siri, Google Now, and Amazon's Alexa were all subjected to the experiment, as were Cortana, Audi voice command, and Samsung's (NASDAQOTH: SSNLF) S Voice.
The research team was able to use basic commands like "Hey, Siri" and "Alexa" to activate the devices, as well as successfully instructing iPhones to "call 1234567890" and an iPad to FaceTime the same number. They were able to convince Google Now to switch to airplane mode, and even successful at controlling the navigation system on the Audi. The hack was effective across every device tested, in a variety of languages.
The attacks were accomplished using a Samsung Galaxy S6 Edge smartphone, an ultrasonic transducer, a low-cost amplifier, and a battery. Excluding the smartphone, the cost of the parts necessary to build the hacking tool was less than $3.