Digital voice assistants like Siri, Google Assistant, Bixby, and Alexa can be exploited by hackers to control smart devices via what researchers are calling the Dolphin Attack. It takes advantage of the device's microphone, which can pick up not only audible frequencies up to 20,000Hz but also ultrasound frequencies above that range. A group of researchers from China's Zhejiang University tested the Dolphin Attack on 16 voice controllable system (VCS) models including the Apple iPhone, Google Nexus, Amazon Echo, and automobiles. They were able to launch FaceTime on iPhones, play music on the Echo, and manipulate the navigation system in an Audi.
Elaborating on how the Dolphin Attack works, the researchers explained that it relies on injecting voice commands at ultrasonic frequencies above 20,000Hz, which are inaudible to humans. While humans cannot hear these commands, the voice assistant on their devices can still pick them up. Hackers can thus translate ordinary voice commands into ultrasound frequencies and play them back to the device to carry out actions such as opening a malicious site.
“The fundamental idea of DolphinAttack is (a) to modulate the low-frequency voice signal (i.e., baseband) on an ultrasonic carrier before transmitting it over the air, and (b) to demodulate the modulated voice signals with the voice capture hardware at the receiver,” read the research paper titled ‘DolphinAttack: Inaudible Voice Commands’.
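The modulate-then-demodulate idea the researchers describe can be sketched in a few lines of Python. This is a minimal toy model, not the paper's actual implementation: the 25kHz carrier, the 0.8 modulation depth, and the moving-average low-pass filter are all illustrative assumptions.

```python
import numpy as np

FS = 192_000          # sample rate high enough to represent an ultrasonic carrier
CARRIER_HZ = 25_000   # example carrier above the ~20,000Hz limit of human hearing

def modulate(baseband: np.ndarray, fc: float = CARRIER_HZ, fs: int = FS) -> np.ndarray:
    """Amplitude-modulate a low-frequency voice signal onto an ultrasonic carrier."""
    t = np.arange(len(baseband)) / fs
    # Modulation depth below 1 keeps the envelope positive and recoverable
    return (1.0 + 0.8 * baseband) * np.cos(2 * np.pi * fc * t)

def demodulate(received: np.ndarray) -> np.ndarray:
    """Envelope detection: a nonlinearity followed by low-pass filtering,
    loosely mimicking how the receiver's capture hardware recovers the voice."""
    rectified = np.abs(received)    # nonlinearity exposes the low-frequency envelope
    kernel = np.ones(64) / 64       # crude moving-average low-pass filter
    return np.convolve(rectified, kernel, mode="same")

# Demo: a 1kHz tone stands in for the recorded voice command
t = np.arange(FS // 10) / FS
voice = np.sin(2 * np.pi * 1_000 * t)
recovered = demodulate(modulate(voice))
```

The transmitted signal contains only frequencies around 25kHz, so it is silent to a human ear, yet the demodulated envelope tracks the original 1kHz "voice" closely.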
But there are restrictions to launching this attack, and a successful attempt would need a set of highly unlikely conditions. For starters, the Dolphin Attack can only be triggered if the target device is within about five to six feet of the transmitter. It also requires the device to be unlocked and a voice assistant like Siri or Google Assistant to be active on it.
Finally, whenever the Dolphin Attack is launched, the voice assistant replies aloud to the hacker's commands, which should immediately alert the user.
Researchers have suggested two solutions for device makers to detect the Dolphin Attack: prevent voice assistants from responding to frequencies above 20,000Hz, and use a classifier to flag audio commands that are inaudible to humans.
“We propose hardware and software defense solutions. We validate that it is feasible to detect DolphinAttack by classifying the audios using support vector machine (SVM), and suggest to re-design voice controllable systems to be resilient to inaudible voice command attacks,” added the research paper.
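The SVM-based detection could look roughly like the sketch below. Everything here is a stand-in: the synthetic "live voice" versus "demodulated command" signals, the 1kHz band split, and the feature choice are hypothetical simplifications for illustration, not the features or dataset used in the paper.

```python
import numpy as np
from sklearn.svm import SVC

FS = 44_100
rng = np.random.default_rng(0)

def band_energy_features(signal: np.ndarray, fs: int = FS) -> np.ndarray:
    """Toy feature vector: fraction of spectral energy below/above 1kHz."""
    spectrum = np.abs(np.fft.rfft(signal))
    freqs = np.fft.rfftfreq(len(signal), 1 / fs)
    low = spectrum[freqs < 1_000].sum()
    high = spectrum[freqs >= 1_000].sum()
    return np.array([low, high]) / (low + high)

def synth_sample(demodulated: bool, n: int = 4_096) -> np.ndarray:
    """Synthetic signals: 'live' speech keeps broadband content, while a
    command recovered from ultrasound is modeled as low-pass dominated.
    (A hypothetical model, not real recordings.)"""
    t = np.arange(n) / FS
    sig = np.sin(2 * np.pi * 300 * t)
    if not demodulated:
        sig = sig + 0.5 * np.sin(2 * np.pi * 3_000 * t)  # extra high-band content
    return sig + 0.01 * rng.standard_normal(n)

labels = np.array([0] * 60 + [1] * 60)   # 0 = live voice, 1 = attack audio
X = np.array([band_energy_features(synth_sample(bool(y))) for y in labels])

# Random train/test split, then fit a standard RBF-kernel SVM
order = rng.permutation(len(labels))
train, test = order[:90], order[90:]
clf = SVC(kernel="rbf").fit(X[train], labels[train])
accuracy = clf.score(X[test], labels[test])
```

On these cleanly separable synthetic features the classifier is near perfect; the point is only to show the shape of the defense, where a spectral footprint distinguishes genuine speech from audio that arrived via an ultrasonic carrier.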