SoylentNews is people

posted by Fnord666 on Thursday September 07 2017, @01:46PM
from the careless-whispers dept.

Submitted via IRC for SoyCow1937

Hacks are often caused by our own stupidity, but you can blame tech companies for a new vulnerability. Researchers from China's Zhejiang University found a way to attack Siri, Alexa and other voice assistants by feeding them commands in ultrasonic frequencies. Those are too high for humans to hear, but they're perfectly audible to the microphones on your devices. With the technique, researchers could get the AI assistants to open malicious websites and even your door if you had a smart lock connected.

The relatively simple technique is called DolphinAttack. Researchers first translated human voice commands into ultrasonic frequencies (over 20,000 Hz). They then simply played them back from a regular smartphone equipped with an amplifier, ultrasonic transducer and battery -- less than $3 worth of parts.

What makes the attack scary is the fact that it works on just about anything: Siri, Google Assistant, Samsung S Voice and Alexa, on devices like smartphones, iPads, MacBooks, Amazon Echo and even an Audi Q3 -- 16 devices and seven systems in total. What's worse, "the inaudible voice commands can be correctly interpreted by the SR (speech recognition) systems on all the tested hardware." Suffice to say, it works even if the attacker has no device access and the owner has taken the necessary security precautions.

Source: https://www.engadget.com/2017/09/06/alexa-and-siri-are-vulnerable-to-silent-nefarious-commands/


  • (Score: 2) by hemocyanin on Thursday September 07 2017, @02:14PM (13 children)

    by hemocyanin (186) on Thursday September 07 2017, @02:14PM (#564566) Journal

    Suffice to say, it works even if the attacker has no device access and the owner has taken the necessary security precautions.

    What does this mean -- I RTFAed but this is not explained. Maybe it is because I woke up 10 minutes ago but it isn't making sense to me.

  • (Score: 2) by hemocyanin on Thursday September 07 2017, @02:15PM

    by hemocyanin (186) on Thursday September 07 2017, @02:15PM (#564567) Journal

    Apparently can't close tags either.

  • (Score: 0) by Anonymous Coward on Thursday September 07 2017, @02:20PM (3 children)

    by Anonymous Coward on Thursday September 07 2017, @02:20PM (#564573)

    There is something marketing-like about this article, I'm not quite sure for what. It is like that Geico commercial where claims are placed in strange places: "Did you know scientists say it snows on the moon now? In the future maybe people will be making snowmen on the moon and Geico is a great company." And it worked apparently, because I remembered which company it was.

    • (Score: 0) by Anonymous Coward on Thursday September 07 2017, @05:01PM (2 children)

      by Anonymous Coward on Thursday September 07 2017, @05:01PM (#564647)

      I think it's because people seriously think there's a cute girl in their phone responding to their every command. Some voice assistants are empowered women as well with authorization to report sexual harassment. If I'm doing my psychology correctly, the little woman in the phone responding to somebody else's voice that you can't hear must be akin to a strange man whispering in one's wife's ear.

      At least, that may be true if you're a heterosexual man. I'm not one of those so what the fuck do I know.

      I just want a butler. I want a loyal manservant I can confidently and implicitly trust with even the most confidential matters. I don't know why anybody would want a woman for a servant. As far as sexual harassment, I don't know why anybody would view their faithful servant as a sexual object. The power dynamics are all fucked up. If I wanted a boyfriend, I'd go to bars more often and meet people. I want a butler, just a butler.

      Circle of protection: Freud. Sometimes a cigar is just a cigar, even if you're a person of indeterminate gender who prefers dating men.

      • (Score: 2) by Arik on Friday September 08 2017, @12:17AM (1 child)

        by Arik (4543) on Friday September 08 2017, @12:17AM (#564848) Journal
        "I think it's because people seriously think there's a cute girl in their phone responding to their every command. Some voice assistants are empowered women as well with authorization to report sexual harassment. If I'm doing my psychology correctly, the little woman in the phone responding to somebody else's voice that you can't hear must be akin to a strange man whispering in one's wife's ear."

        It's just creepy.

        "At least, that may be true if you're a heterosexual man. I'm not one of those so what the fuck do I know."

        I'm thinking 'heterosexual men' is still too wide a category for what you're actually thinking of here, but go on.

        "I just want a butler. I want a loyal manservant I can confidently and implicitly trust with even the most confidential matters."

        That may be both too much and too little to ask for. Butlers are very complicated entities, but complications are the natural enemies of trust.

        I had a friend who grew up with a house full of servants, when I first heard that my eyes went wide, that seemed so very cool. But it turned out she hated it. Because she never had any privacy. The servants were, in a sense, the masters - everyone living in the house, it seems, lived in fear of doing something that the servants would find amusing enough to repeat...

        --
        If laughter is the best medicine, who are the best doctors?
        • (Score: 0) by Anonymous Coward on Friday September 08 2017, @01:09PM

          by Anonymous Coward on Friday September 08 2017, @01:09PM (#565065)

          LOOK AT ME!!!!!!!!!!!!!!!!!!!!!!!1111111111

  • (Score: 5, Informative) by Hyperturtle on Thursday September 07 2017, @02:51PM

    by Hyperturtle (2824) on Thursday September 07 2017, @02:51PM (#564588)

    It means that an attacker can play commands on his boombox at a loud volume, that no one can hear because it is ultrasonic, and that even a locked car will hear it through the windows, home control devices, smart tvs, phones, alexas, idevices etc, whether user administratively secured or completely locked down by a vendor with a microphone that cannot be disabled without a knife, are vulnerable.

    "necessary security precautions" are common tasks end users can do, like changing default passwords that have nothing to do with this, because it's not about admin rights necessarily, but nefarious commands that are already permitted coming in "silently" via unknown sources.

    A twitch game stream, or youtube video etc, can easily be created to play out these commands and do significant harm to devices within audible range of the speakers without the user even being aware due to their focus being on that video they are watching.

    This really isn't too different from marketers using the same functionality on smart tvs, to determine what users are listening and what their hardware is, since modern phones listen for this as a feature.

    The real news here is that non-licensed and non-business partners can make use of it, making a feature into a 'known issue' that is bad because the wrong people are profiting from it. But that's not news; that was predictable.

  • (Score: 2) by mcgrew on Thursday September 07 2017, @04:24PM (6 children)

    by mcgrew (701) <publish@mcgrewbooks.com> on Thursday September 07 2017, @04:24PM (#564637) Homepage Journal

    I read a different article. It said the attacker would have to be in the same room with you.

    This hack would be trivial to defeat, just limit the microphone's high end frequency response to the range of human hearing. Problem solved, it would only take a single coil or capacitor.

    --
    mcgrewbooks.com mcgrew.info nooze.org
    • (Score: 1) by Tara Li on Thursday September 07 2017, @05:13PM (5 children)

      by Tara Li (6248) on Thursday September 07 2017, @05:13PM (#564655)

      Or it could even be done at the cloud level, since the devices are doing no speech recognition of their own - they just ship the data off to the cloud, and get a data stream in return to be played. I expect the devices *could* have been implemented in the 80386 days, honestly.

      • (Score: 0) by Anonymous Coward on Thursday September 07 2017, @05:50PM (1 child)

        by Anonymous Coward on Thursday September 07 2017, @05:50PM (#564673)

        Which makes me wonder why they didn't get this security fix for free by sampling at a rate that wouldn't include those frequencies, i.e. capture a 40kHz stream and everything above 20kHz has to be filtered out to avoid aliasing artifacts.... Are they sending 48 or 96 kHz just so this hack works?

        • (Score: 3, Funny) by bob_super on Thursday September 07 2017, @06:54PM

          by bob_super (1357) on Thursday September 07 2017, @06:54PM (#564713)

          Wouldn't want to miss some of the ultrasonic audio processing which tells them whether you're banging or just murdering someone.
          You don't want to accidentally get bleach when you need acid.

      • (Score: 3, Informative) by VLM on Thursday September 07 2017, @06:54PM (2 children)

        by VLM (445) on Thursday September 07 2017, @06:54PM (#564714)

        The game that's being played is non-linear mixing, so the cloud won't help. The problem is the mic and preamp before the cloud hears it.

        So you feed less than 10 volts of 42 KHz and 44 KHz ultrasound thru a top quality audio mixing board and you get ... 10 volts of 42 KHz and 44 KHz at the output. Very linear. Not a peep at 2 KHz even though 10 volts is over spec a bit.

        Anything non-linear, like a preamp running right at the ragged edge, will result in some level of mixing products being generated, so 10 volts of 42 KHz and 10 volts of 44 KHz in the preamp of an Alexa, given that Alexa isn't a studio quality ultra high linearity mic and soundboard, will result in a horrendous distorted mix of 42 KHz, 44 KHz, and 2 KHz (and also 86 KHz, and harmonics...)

        Kinda like an audio amp driven into distortion often (not always) blows the tweeters not the woofers.

        • (Score: 1) by Tara Li on Thursday September 07 2017, @07:09PM (1 child)

          by Tara Li (6248) on Thursday September 07 2017, @07:09PM (#564722)

          Soooo... They're getting some kind of harmonic that just happens to be in the voice range?

          • (Score: 2) by VLM on Friday September 08 2017, @01:27AM

            by VLM (445) on Friday September 08 2017, @01:27AM (#564871)

            exactly yes. nonlinearity in the analog stuff makes a nice mixer... Most electronics are very linear until they aren't (at high levels or whatever)
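
The mixing argument in VLM's comments, as a small simulation added here (not code from the thread or from the researchers): 42 kHz and 44 kHz tones pass through a toy preamp with a square-law term, and the 2 kHz product is measured with a low-pass filter placed after or before that stage. The coefficient `a2`, the 192 kHz simulation rate and the FIR filter are assumptions chosen for illustration.

```python
import math

FS = 192_000   # simulation rate: high enough to represent 42 kHz, 44 kHz and their 86 kHz sum
N = 1_920      # 10 ms; every tone used here completes a whole number of cycles

def two_tone(f1=42_000, f2=44_000):
    """Sum of the two ultrasonic tones from the comment, unit amplitude each."""
    w = 2 * math.pi / FS
    return [math.sin(w * f1 * n) + math.sin(w * f2 * n) for n in range(N)]

def level(signal, freq):
    """Amplitude of a single frequency component (one-bin DFT)."""
    w = 2 * math.pi * freq / FS
    re = sum(s * math.cos(w * n) for n, s in enumerate(signal))
    im = sum(s * math.sin(w * n) for n, s in enumerate(signal))
    return 2 * math.hypot(re, im) / len(signal)

def preamp(signal, a2=0.1):
    """Toy front end: unity gain plus a small square-law term (a2 is a made-up value)."""
    return [s + a2 * s * s for s in signal]

def lowpass(signal, cutoff=20_000, taps=129):
    """Hamming-windowed sinc FIR, applied circularly because the test signal is periodic."""
    mid, fc = taps // 2, cutoff / FS
    h = []
    for k in range(taps):
        x = k - mid
        sinc = 2 * fc if x == 0 else math.sin(2 * math.pi * fc * x) / (math.pi * x)
        h.append(sinc * (0.54 - 0.46 * math.cos(2 * math.pi * k / (taps - 1))))
    gain = sum(h)  # normalise to unity gain at DC
    return [sum(h[k] * signal[(n - k) % N] for k in range(taps)) / gain for n in range(N)]

def demo():
    """2 kHz amplitude for each placement of the nonlinear stage and the filter."""
    tones = two_tone()
    return {
        "linear path": level(tones, 2_000),
        "nonlinear preamp": level(preamp(tones), 2_000),
        "filter after preamp": level(lowpass(preamp(tones)), 2_000),
        "filter before preamp": level(preamp(lowpass(tones)), 2_000),
    }

if __name__ == "__main__":
    for name, amp in demo().items():
        print(f"{name:22s} 2 kHz amplitude = {amp:.6f}")
```

Filtering after the nonlinear stage leaves the 2 kHz product in place because it already sits in the voice band; in this model only band-limiting ahead of that stage removes it.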