Watch out: Voice assistant ‘hijacking’ technology has been upgraded again

Recently, at the “Network and Distributed Systems Security Conference”, a top international conference on information security held in California, the SEIT Laboratory, led by Professor Yan Qixuan of Michigan State University, together with scholars from Washington University in St. Louis, the University of Nebraska-Lincoln and the Chinese Academy of Sciences, released a new research technique: Surfing Attack.

How Surfing Attack Works

SurfingAttack is reported to be a new and disruptive attack technique. It builds on the unique properties of sound transmission in solid materials, using ultrasonic waves that travel through a solid medium to attack the operation of voice control systems.

The attack allows multiple rounds of interaction between the voice-controlled device and the attacker over a longer distance, without requiring a line of sight. This silent interaction loop means that SurfingAttack enables new attack scenarios, such as hijacking mobile short message service (SMS) messages such as verification passwords, or using the user’s phone and a synthetic voice to make fraudulent calls (telecom scams) without the user’s knowledge.

“We believe SurfingAttack is a very real attack,” Professor Yan told the British technology media outlet The Register. “Signal waveform generators are the only bulky devices. Once we replace it with a smartphone, the attack device can be carried around, which means that the radiation range of the attack is moving in a bad direction.”

What is the difference between Surfing Attack and the previous method of voice “hijacking”?

“Hijacking” voice assistants with hacking techniques is not new. Back in 2017, The Daily Telegraph reported that researchers had discovered vulnerabilities in this kind of technology, sending voice commands to voice assistants in ultrasound and successfully controlling devices. In the experiment, researchers at Zhejiang University controlled the most popular devices of the day, such as the iPhone and MacBook, the Galaxy S8, the Amazon Echo and a Windows 10 computer.

The technique gives attackers plenty of scope: they could use the vulnerability to control devices and order them to perform illegal tasks, such as downloading malware or opening users’ doors.

“In a way, Surfing Attack is equivalent to an evolutionary version of the technology. The difference is that SurfingAttack focuses on the study of the medium of communication and the mode of transmission, i.e. the use of ultrasonic waveguides on the desktop to issue relevant control commands. Compared to the original, spreading attack signals through the desktop means that the attack device is more covert than before, but the cost is much lower than before, a $5.” Professor Yan Qixuan told Titanium Media.

In experiments, the team found that silent ultrasound spreading across the tabletop causes ultra-subtle vibrations that are not perceptible at all. When the voice assistant is activated by the ultrasound, the handset wakes up. Silent commands sent through pulses then secretly instruct the phone’s assistant to perform a variety of tasks, such as taking pictures with the front-facing camera, reading text messages and making fraudulent calls to contacts. Eavesdropping devices placed under the table record the tasks performed by the assistant and transmit the audio back to a laptop, which transcribes the responses.

This means that SurfingAttack is an interactive attack, unlike attacks carried through the air. The sound signal is mainly generated by the sender on a computer, which moves the commands onto a high-frequency carrier; the signal is then transmitted to the phone through the tabletop. In other words, the more powerful the voice assistant on your phone, the higher the risk hidden in it.

Yan Qiqi told Titanium Media that the quality of phone microphones varies, resulting in the amplifier responding to nonlinear interference. The current reality is that the Google Assistant on many smartphones can be activated and controlled by arbitrary voices.

Since many people leave their phones unattended on a table, this is clearly a perfect opening for someone with ulterior motives.

Hidden, efficient, and hard to defend…

The advice given by Yan Qiqi’s research team on how to effectively defend against Surfing Attack goes in two directions.

On the one hand, users can turn off lock-screen personal information (or the voice match unlock function) on Android, or disable the voice assistant while the device is locked, and should not forget to lock the device when it is not in use. On the other hand, devices can be placed on a soft woven fabric instead of in direct contact with the tabletop, or fitted with thicker phone cases made from less common materials, such as wood.

In the experiment, Yan’s team observed that the effect of Surfing Attack varied across tabletops made of different materials.

On a metal table up to 10 meters long, ultrasonic guided waves can be sent from one end to the other, with significant control. When the medium is replaced with a wooden tabletop, 40-50 cm is the limit.

Experimental process

“This is actually related to the principle of ultrasonic waveguide transmission. Glass and metal tabletops respond clearly to SurfingAttack, while wood and multi-layered plush tabletops attenuate the signal and thus have a suppressive effect, because porous materials interfere with the transmission of the ultrasonic waves and may even cancel them out. Worryingly, glass and metal tabletops are now mainstream,” Yan Qiqi added.