Ultrasonic Attacks Can Trigger Alexa & Siri With Hidden Commands, Raise Serious Security Risks

Over the last two years, academic researchers have identified various methods that they can transmit hidden commands that are undetectable by the human ear to Apple’s Siri, Amazon’s Alexa, and Google’s Assistant.

According to a new report from The New York Times, scientific researchers have been able “to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites.” This could, perhaps, allow cybercriminals to unlock smart-home doors, control a Tesla car via the App, access users’ online bank accounts, load malicious browser-based cryptocurrency mining websites, and or access all sort of personal information.

In 2017, Statista projected around 223 million people in the U.S. would be using a smartphone device, which accounts for roughly 84 percent of all mobile users. Of these 223 million smartphones users, around 108 million Americans are using the Android Operating System, and some 90 million are using Apple’s iOS (operating system). A new Gallup poll showed that 22 percent of Americans are actively using Amazon Echo or Google Assitant in their homes.

With much of the country using artificial intelligence systems on smartphones and smart speakers, a new research document published from the University of California, Berkeley indicates inaudible commands could be embedded “directly into recordings of music or spoken text,” said The New York Times.

For instance, a millennial could be listening to their favorite song: ‘The Middle’ by Zedd, Maren Morris & Grey. Embedded into the audio file could have several inaudible commands triggering Apple’s Siri or Amazon’s Alexa to complete a task that the user did not instruct — such as, buying merchandise from the music performer on Amazon.

“We wanted to see if we could make it even more stealthy,” said Nicholas Carlini, a fifth-year Ph.D. student in computer security at U.C. Berkeley and one of the paper’s authors.

At the moment, Carlini said this is only an academic experiment, as it is only a matter of time before cybercriminals figure out this technology. “My assumption is that the malicious people already employ people to do what I do,” he added.

The New York Times said Amazon “does not disclose specific security measure” to thwart a device from an ultrasonic attack, but the company has taken precautionary measures to protect users from unauthorized human use. Google told The New York Times that security development is ongoing and has developed features to mitigate undetectable audio commands.

Both companies’ [Amazon and Google] assistants employ voice recognition technology to prevent devices from acting on certain commands unless they recognize the user’s voice.

Apple said its smart speaker, HomePod, is designed to prevent commands from doing things like unlocking doors, and it noted that iPhones and iPads must be unlocked before Siri will act on commands that access sensitive data or open apps and websites, among other measures.

Yet many people leave their smartphones unlocked, and, at least for now, voice recognition systems are notoriously easy to fool.

There is already a history of smart devices being exploited for commercial gains through spoken commands,” said The New York Times.

Last year, there were several examples of companies and even cartoons taking advantage of weaknesses in voice recognition systems, including Burger King’s Google Home commercial to South Park‘s episode with Alexa.

While there are currently no American laws against broadcasting subliminal or ultrasonic messages to humans, let alone artificial intelligence systems on smartphones and smart speakers. The Federal Communications Commission (FCC) warns against the practice, calling it a “counter to the public interest,” and the Television Code of the National Association of Broadcasters bans “transmitting messages below the threshold of normal awareness.” However, The New York Times points out that “neither says anything about subliminal stimuli for smart devices.”

Recently, the ultrasonic attack technology showed up in the hands of the Chinese. Researchers at Princeton University and China’s Zhejiang University conducted several experiments showing that inaudible commands can, in fact, trigger voice-recognition systems in an iPhone.

“The technique, which the Chinese researchers called DolphinAttack, can instruct smart devices to visit malicious websites, initiate phone calls, take a picture or send text messages. While DolphinAttack has its limitations — the transmitter must be close to the receiving device — experts warned that more powerful ultrasonic systems were possible,” said The New York Times.

DolphinAttack could inject covert voice commands at 7 state-of-the-art speech recognition systems (e.g., Siri, Alexa) to activate always-on system and achieve various attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile. (Source: guoming zhang

DolphinAttack Demonstration Video 

While the number of smart devices in consumers’ pockets and at their homes is on the rise, it is only a matter of time before the technology falls into the wrong hands, and unleashed against them. Imagine, cybercriminals accessing your Audi or Tesla via ultrasonic attacks against voice recognition technology on a smart device. Maybe these so-called smart devices are not smart after all, as the dangers of these devices are starting to be realized. Millennials will soon be panicking.


kralizec ThanksChump Thu, 05/17/2018 - 07:58 Permalink

The NYT's?

Great...ZH relying on ye Olde Grey Hag...

This is an attempt at Onionesque humor, yes?

The closer is a hoot...Millennial's panicking?  Bwuuuhaahaaa!!!

They would need to have rudimentary cognitive skills for that to have a chance of occurring on an intelligent level!!!

Good parody, beats the usual gloom and doom crap!

In reply to by ThanksChump

swmnguy lincolnsteffens Thu, 05/17/2018 - 07:24 Permalink

It's really weird.  I've been paying my chiropractor with a personal check at each appointment for nearly 20 years.  His bookkeeper (his wife) strongly hinted last time she'd prefer me to pay by credit or debit card.  I said, "Doesn't that cost you 2%-3% in fees?"  She said yes, but it's inconvenient to take checks to the bank.  Their bank is on the ground floor of the building their office is in.

Very weird.  I may offer her cash next time I go in, in a couple weeks.

I myself don't like to take out a loan to make small purchases, though people don't understand using a credit card is in fact taking out a loan.  And I'm not going to use a debit card for any reason, having seen a few people deal with the fallout from debit card fraud, from which they're not well-protected.  They got their money back, but not easily, and they were out their own money until they convinced the bank to do the right thing which the bank was not quick to do. 

In reply to by lincolnsteffens

chiquita nodhannum Thu, 05/17/2018 - 09:30 Permalink

Might I ask what eating clean (not necessarily purchased from "Whole Paycheck") has anything to do with this discussion?  Organic and free range does not have to cost triple--plenty of us who do not fit the profile for those who chose to bring "smart devices" into their homes/lives do choose to be concerned for our health and for not ingesting any more pesticides and other harmful chemicals than necessary. 

I do not own a smart phone or a smart TV--won't have them.  I get a lot of crap about it, but so what?  I've shown friends/relatives in real time how their smart phones--particularly iPhones--listen in on their in-person conversations (where they are not speaking to someone on the phone) and, based on some information mentioned in said conversation, they start getting advertisements on their phone about that thing (product, TV show, etc.).  The irony here is how Tim Cook is going around pointing fingers at Google and Facebook about how they abuse people's privacy...  We know the government listens in on all phone calls, but why would anyone want their phones--or these in-home "assistants"--to be spying on them all the time?  The idea of having nothing to hide isn't acceptable, but that's what most people say as they shrug off what they consider an acceptable invasion of privacy.  It isn't okay.  You don't have to have anything to hide--it's your privacy and giving it away like this is one step closer to totalitarianism.


In reply to by nodhannum

BigDawgz chiquita Thu, 05/17/2018 - 09:47 Permalink

I have a smart TV because that's pretty much all you can buy these days.....BUT....my tv is connected only to my dvd player & an "old-fashioned" over-the-air TV antenna.  I don't have any home internet so I don't think it can be used to spy on me.  Am I right in that belief or am I just deluding myself?  

In reply to by chiquita

Boxed Merlot Bobby2fish Thu, 05/17/2018 - 11:37 Permalink

...realize they are being spied on? ...

Yep, I still laugh thinkin about the straight laced CIA types having to be subjected to "acid tests" without their "consent". The agency gets around this little detail in their small print that the agency reserves the right to determine their "trustworthiness" in any way seen fit, even if that means 24/7 embedded surveillance, sensory deprivation / enhancement and any other technique that may be made available.

Snakes swallowing their tails.

In reply to by Bobby2fish

MusicIsYou Wed, 05/16/2018 - 23:22 Permalink

And it is not just  Siri. If I want to kill your fckingass I will make your car go from 0-60 and crash you into a wall. Haha. You should die like good little monkeys. Die little monkeys: hear no evil, speak no evil, see no evil. Nobody likes you monkeys.

HRH of Aquitaine 2.0 Wed, 05/16/2018 - 23:25 Permalink

Hahahahahaha! Anyone else remember people using the Captain Crunch whistle?

Ben Gurion University hacked air gapped computers back in 2014 using an old 3G phone with AM/FM. Other people hacked an IPhone fingerprint using tape or photos.

Most of the US population is so dumbed down is any of this a surprise?

chiquita deer_flasher Thu, 05/17/2018 - 09:40 Permalink

I didn't see this comment before mentioning this same thing above.  iPhones are notorious for this.  Was in a car with family members discussing various topics, including a popular TV show that they hadn't seen and later a local crime that involved someone who was related to a coworker of one of them from out of state.  Ads for the TV show started being sent to one of the phones withing a half hour of that conversation.  News updates about the crime started coming in without being requested later that evening.  With other people, I've proven this happens as well--the claim by the phone manufacturers is it happens because there are apps that open the microphone without the users' knowledge and this needs to be checked.  We've all seen the pictures of Zuckerberg at his computer with tape covering the camera--believe what you want, don't trust any of them.  

In reply to by deer_flasher

Illusion1 Wed, 05/16/2018 - 23:52 Permalink

I really cannot understand why people buy shitty, overpriced garbage from Apple. The best thing about it is that most of the hardcore Apple fans are spoiled millennials which love communism but can't live without their fancy little gadgets.

A Sentinel BarkingCat Thu, 05/17/2018 - 01:36 Permalink

Here’s the thing. Apple stuff doesn’t crash as much. You lose control but it just works ... until the designed in obsolescence kicks in (it’s real) and then you’re out a bunch more.

I’d agree with you but I need my phone to do its stuff with the lowest failure rate possible and for that I pay communists (Apple) and I pay more than you. I wish I didn’t. 

Hardware-wise, I’m all intel- zero Motorola.

In reply to by BarkingCat

BigDawgz Illusion1 Thu, 05/17/2018 - 09:38 Permalink

I have a crappy Motorola Moto E that is starting to give me planned obsolescence-type issues.  Got to say I'm honestly thinking about going back to using a "dumb" flip phone.  Only thing that has me thinking about NOT doing that is that my sibling prefers to text rather than to call.....and it's a bitch to text on a flip phone since it doesn't have a keyboard.   

In reply to by Illusion1