Using a cheap hack called the Dolphin Attack (for reasons that will quickly become apparent) with $3 of equipment, security researchers were able to take control of Google Assistant, Alexa, and Cortana among others and issue inaudible voice commands which were then carried out. Now while the concept of inaudible voice commands sounds like an oxymoron, it isn’t. Voice assistants pay attention to a wide range of frequencies, including those as low as the 20khz range (humans can’t hear those), but machines can.
Keeping that in mind hack works like this, it sends voice commands at ultrasonic frequencies to the PC, this means that normal humans will be unable to hear these commands, while PCs and voice assistants will.
The researchers listed examples of actions they were able to carry out, simply by voice commands. These include:
- Visiting a malicious website. The device can open a malicious website, which can launch a drive-by-download attack or exploit a device with 0-day vulnerabilities.
- Spying. An adversary can make the victim device initiate outgoing video/phone calls, therefore getting access to the image/sound of device surroundings.
- Injecting fake information. An adversary may instruct the victim device to send fake text messages and emails, to publish fake online posts, to add fake events to a calendar, etc.
- Denial of service. An adversary may inject commands to turn on the airplane mode, disconnecting all wireless communications.
- Concealing attacks. The screen display and voice feedback may expose the attacks. The adversary may decrease the odds by dimming the screen and lowering the volume.
Microsoft has expanded the power of Cortana to include system functionality like shutting down the computer, restarting or even locking it, and Cortana’s base functionality allows it to launch programs without confirmation. You can also use Cortana to call While you probably won’t be able to do that much damage using Cortana alone on the average Windows PC, it is still a security oversight that is alarmingly easy to circumvent, especially with voice assistants in our phones, computers, and home appliances.
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
http://myinforms.com/en-us/a/706172701-hackers-can-take-control-of-cortana-with-voice-commands-and-you-wouldn8217t-hear-it-coming/