Google Assistant may be vulnerable to attacks via subsonic commands

12 May, 2018, 07:47 | Author: Becky Perry
  • The Tech Chap  YouTube

The New York Times reports that researchers in China and the USA have discovered a way to surreptitiously activate and command those virtual assistants by broadcasting instructions that are inaudible to the human ear.

As we all know by now, three of the popular digital assistants, Amazon Alexa, Google Assistant and Apple Siri are created to take your voice commands to implement different tasks.

The researcher added that he's confident he and his colleagues will eventually be able to attack any smart device.

They used a technique called DolphinAttack, which translates voice commands into ultrasonic frequencies that are too high for the human ear to recognize.

"We wanted to see if we could make it even more stealthy", said UC Berkeley fifth-year computer security Ph.D. student Nicholas Carlini, one of the authors of the research that has been published online. They say that they have created a way to get rid of sounds that would normally be heard by Google Assistant, Siri and Alexa, and replace them with audio files that can not be heard by the human ear. It's a fair warning to companies designing digital assistant to get out in front of the problem rather than be reactionary. The attack first muted the phone so the owner wouldn't hear the system's responses, either.

The secret commands can instruct a voice assistant to do all sorts of things, ranging from taking pictures or sending text messages, to launching websites and making phone calls. During the Urabana-Champaign, they showed that though commands couldn't yet penetrate walls, they still had the potential to control smart devices through open windows in buildings.

Major league whoops: Mets bat out of order in first inning
Mets: RHP Hansel Robles flew back to NY for an MRI on his right knee, which he twisted Tuesday night while reacting to a bunt. The problem is the lineup card the Mets submitted had Cabrera batting second and Wilmer Flores hitting third.


What these research studies prove is that it's possible to manipulate speech recognition gadgets by making minute changes to speech or other audio files. The group provided samples of songs where voice commands have been embedded to make digital assistants do specific things, including visiting websites, turning on Global Positioning System, and making phone calls.

While the commands may go unheard by humans, the low-frequency audio commands can be picked up, recovered and then interpreted by speech recognition systems.

They were able to hide the command, "O.K. Google, browse to evil.com" in a recording of the spoken phrase, "Without the data set, the article is useless".

They also embedded other commands into music clips.

"Companies have to ensure user-friendliness of their devices, because that's their major selling point", said Tavish Vaidya, a researcher at Georgetown.

But Carlini explained their goal is to flag the security problem - and then try to fix it.

Recommended:



Popular

SpaceX Falcon 9 Rocket launch successful
The satellite is expected to bring Ku-band coverage to Bangladesh and the Bay of Bengal in addition to surrounding countries. The satellite is named after Bangabandhu Sheikh Mujibur Rahman, who is regarded as the founding father of Bangladesh.

Giuliani resigns from law firm amid legal work for Trump
In a statement, he lauded Giuliani's career, including his leadership as New York's mayor in the 1990s and early 2000s. He said the money was "funneled through a law firm" and repaid by Trump .

Lawyer: Trump knew about Schneiderman allegations years ago
Instead, he kept the information to himself as Schneiderman investigated Trump University, and as Trump ran for president. Avenatti is seeking to be heard on a regular basis by Wood on the issue of the confidentiality of some of Cohen's files.

PM Modi meets his Nepal counterpart
Policy makers in New Delhi are pinning high hopes on this visit and hoping it gets Nepal out of the dragons hold. However, Rakesh Sood, India's former Indian ambassador to Nepal, begged to differ.

In Australia found seven bodies with gunshot wounds, including four children
At about 5.15am this morning, police were called to a rural property on the outskirts of this property at Margaret River. The deaths have traumatised the village of Osmington , 20km from tourist spot Margaret River , with just 135 residents.

Google says it's designing Duplex with "disclosure built-in"
This means there would be some factor of human intervention in the process, should things not go as planned. Just provide the date and time, and your Assistant will call the business to coordinate for you .

Mike Pompeo offers aid to North Korea in exchange for forfeiting nukes
However, his comments made clear that the two sides remained far apart on the key issue of what they mean by denuclearization. USA officials had called for North Korea to take bold actions and concrete steps toward denuclearization.

The latest Snapchat redesign brings some sanity back to the platform
Snapchat has started rolling out design changes for iOS devices that it announced during its first quarter earnings report . Stories can now be shared outside the app on the web, while the app also gained new text and mute options .

Princess Charlotte wears Prince George's cardigan in new photo with Prince Louis
Prince Louis arrived a week before Princess Charlotte's third birthday and his arrival brought so much joy to the family of five. The photo was taken by Kate Middleton on Charlotte's birthday (May 2) during the celebrations at Kensington Palace.

Russia: Pence urges Mueller to end investigation - 'Time to wrap it up'
Pence added: "I would very respectfully encourage the special counsel and his team to bring their work to completion". Giuliani asked. "To prepare him for a deposition when he should be preparing to go to North Korea ".