Every day, there is some new hack that is discovered by the researchers. Now, a group from the Zheijiang University in China have found a way to enter into smartphones and open malicious websites and gain access to connected smart devices using ultrasound frequencies.
Well, going by the report, the hack uses the Dolphin Attack where the frequencies higher than 20KHz are sent to a nearby smartphone in order to attack the digital voice assistants such as Google Assistant, Apple Siri, Amazon Alexa and others. The microphones of the smartphones can catch these frequencies that humans cannot hear.
The voice assistants can catch these high frequencies and take the commands without the consent of the users. With this attack, the researchers were able to translate human voice commands into ultrasound frequencies and play them back using cheap components. These components include a regular smartphone, a battery, an ultrasonic transducer, and an amplifier.
This Dolphin Attack method is likely to work on all the digital voice assistants such as Google Assistant, Samsung S Voice, Amazon Alexa, Apple, Siri, Samsung Bixby and more on devices such as MacBooks, iPads, Amazon Echo, Audi Q3 and more. The scariest aspect of this attach is that the speech recognition can easily recognize this frequency on any of the above-mentioned devices and the attack works despite having the necessary security measures in place.
The Dolphin Attack does not require any access to the device to carry out this hack. The effectiveness of the attack was demonstrated by the researchers. They showed how they could change the navigation on an Audi Q3 and commanded the smartphones to do tasks such as open dolphinattack.com', and 'open the back door'.
One has to note that there are some preconditions for this hack to work. The smartphone to which the signal has to be transmitted to should be within five to six feet from the transmitter. Then, the voice assistant installed in the phone should be activated. The user is alerted immediately as the assistants beep a tone or reply back to the high frequency commands. Eventually, the conditions require the device to be near and unlocked with the voice assistant activated and the user should not be around or should be distracted. On the whole, this is definitely a very unlikely scenario but it can happen if the hackers are serious about causing harm.