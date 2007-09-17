Stories
Alexa and Siri Are Vulnerable to 'Silent,' Nefarious Commands

Hacks are often caused by our own stupidity, but you can blame tech companies for a new vulnerability. Researchers from China's Zheijiang University found a way to attack Siri, Alexa and other voice assistants by feeding them commands in ultrasonic frequencies. Those are too high for humans to hear, but they're perfectly audible to the microphones on your devices. With the technique, researchers could get the AI assistants to open malicious websites and even your door if you had a smart lock connected.

The relatively simple technique is called DolphinAttack. Researchers first translated human voice commands into ultrasonic frequencies (over 20,000 hz). They then simply played them back from a regular smartphone equipped with an amplifier, ultrasonic transducer and battery -- less than $3 worth of parts.

What makes the attack scary is the fact that it works on just about anything: Siri, Google Assistant, Samsung S Voice and Alexa, on devices like smartphones, iPads, MacBooks, Amazon Echo and even an Audi Q3 -- 16 devices and seven system in total. What's worse, "the inaudible voice commands can be correctly interpreted by the SR (speech recognition) systems on all the tested hardware." Suffice to say, it works even if the attacker has no device access and the owner has taken the necessary security precautions.

Source: https://www.engadget.com/2017/09/06/alexa-and-siri-are-vulnerable-to-silent-nefarious-commands/

    alexa, initiate a silent self-destruct sequence!

    siri, purchase 2017 porche carrera 911 with default credit card!

    alexa, email address book to looser@mailinator.com!

    siri, install the PwnMe app from the store!

    Hacks are often caused by our own stupidity

    Is this true?

    Suffice to say, it works even if the attacker has no device access and the owner has taken the necessary security precautions.

    What does this mean -- I RTFAed but this is not explained. Maybe it is because I woke up 10 minutes ago but it isn't making sense to me.

      Apparently can't close tags either.

      There is something marketing-like about this article, I'm not quite sure for what. It is like that Geico commercial where claims are placed in strange places: "Did you know scientists say it snows on the moon now? In the future maybe people will being making snowmen on the moon and gieco is a great company." And it worked apparently, because I remembered which company it was.

    Why is audio outside some ranges accepted? Throw all the input through some bandpass filter (not really rocket science) before parsing it and this should not be an issue any more.

