alexa echo dot amazon

Ultrasonic waves used to surreptitiously trigger smartphone voice assistants

Image credit: Dreamstime

Ultrasonic waves can be used to trigger Siri and Google Assistant to carry out commands like making phone calls and reading texts without the owner's knowledge, researchers have demonstrated.

While ultrasonic waves have higher frequencies than the human ear can discern, smartphone microphones are able to pick them up.

Researchers from Washington University in St Louis found they can use the waves in a form of cyber-attack that can propagate through many solid surfaces to activate voice-recognition systems.

With the addition of some cheap hardware, the person initiating the attack can also hear the phone’s response.

“We want to raise awareness of such a threat,” said assistant professor Ning Zhang. “I want everybody in the public to know this.”

The team was able to send 'voice' commands to cellphones as they sat inconspicuously on a table, next to the owner. 

With the addition of a stealthily placed microphone, the researchers were able to communicate back and forth with the phone, ultimately controlling it from afar.

“If you know how to play with the signals, you can get the phone such that when it interprets the incoming sound waves, it will think that you are saying a command,” Zhang said.

To test the ability of ultrasonic waves to transmit these 'commands' through solid surfaces, the research team set up a host of experiments that included a phone on a table.

Attached to the bottom of the table were a microphone and a piezoelectric transducer, which is used to convert electricity into ultrasonic waves. On the other side of the table from the phone, ostensibly hidden from its owner, was a waveform generator to generate the correct signals.

The team ran two tests, one to retrieve an SMS (text) passcode and another to make a fraudulent call. The first test relied on the common virtual assistant command “read my messages” and on the use of two-factor authentication, in which a passcode is sent to a user’s phone—from a bank, for instance—to verify the user’s identity.

The attacker first told the virtual assistant to turn the volume down to Level 3. At this volume, the victim did not notice their phone’s responses in an office setting with a moderate noise level.

Then, when a simulated message from a bank arrived, the attack device sent the “read my messages” command to the phone. The response was audible to the microphone under the table, but not to the victim.

In the second test, the attack device sent the message “call Sam with speakerphone,” initiating a call. Using the microphone under the table, the attacker was able to carry on a conversation with “Sam.”

The team tested 17 different phone models, including popular iPhone, Galaxy and Moto models. All but two were vulnerable to ultrasonic wave attacks.

Ultrasonic waves made it through metal, glass and wood. They also tested different table surfaces and phone configurations.

“We did it on metal. We did it on glass. We did it on wood,” Zhang said. They tried placing the phone in different positions, changing the orientation of the microphone. They placed objects on the table in an attempt to dampen the strength of the waves. “It still worked,” he said, “even at distances as far as 30 feet”.

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles