Voice-controlled smart assistants are all the rage these days. Just look back at IFA 2017 to see how many devices were proud to announce support for Amazon Alexa, Google Assistant, or Apple Siri (via HomeKit). They are admittedly pretty convenient and powerful, but those same strengths might actually be their Achilles’ heel as well. Chinese researchers have demonstrated that Alexa, Siri, Cortana, and Google Assistant can be easily told to do things without the knowledge, much less permission, of their owners. All by saying commands that no human can actually hear.
Like any kind of wave, sound covers a wide range of frequencies, only a small part of which is actually audible to humans. Anything below 20 Hz and above 20 kHz is imperceptible to our ears that, for all intents and purposes, they might not as well be nonexistent. But the mics in our phones and smart speakers are completely capable of detecting sound beyond those ranges and, in fact, use them for some purposes. Sadly, that fact can be exploited to give them commands that will put users at risk.
The researchers were able to set up a device using nothing more than an off the shelf smartphone and around $3 worth of parts like an amp and a speaker. Within a certain distance, they were not only able to trigger the personal assistants, they were also able to get them to do actions. Imagine getting your phone to visit a malicious website or get your smart speaker to open the door.
There is one major caveat to this attack, nicknamed “DolphinAttack” that does minimize its effectivity. The attacker has to be within a certain distance from the phone or speaker for it to work, from a few inches to a few feet. Still,. that might be far enough to do some damage.
Unfortunately, the companies developing these voice assistants can’t simply tell them to ignore any audio coming from outside the normal human range. These platforms use higher, imperceptible frequencies in order to better analyze audible voice commands. Some also use these “unused” frequencies for features like seemingly magical instant connectivity. It’s not an easy hole to plug, but considering how large a gaping hole it is, the developers should get scrambling to work on a fix.