An attack `` SurfingAttack '' that can operate the smartphone arbitrarily with `` ultrasonic waves transmitted through the desk and floor '' is reported
by
With the advent of voice assistant AI, like Apple's Siri and Google Assistant, it has become possible to operate smartphones only by voice. However, through such a voice operation function, ' SurfingAttack ' in which a third party accesses a smartphone with 'ultrasonic waves transmitted to a desk' has been reported.
SurfingAttack: Interactive Hidden Attack on Voice
Assistants Using Ultrasonic Guided Waves
https://surfingattack.github.io/papers/NDSS-surfingattack.pdf
SurfingAttack
https://surfingattack.github.io/
SurfingAttack, discovered by a joint research team such as Michigan State University and the Chinese Academy of Sciences, modulates the voice command of the smartphone to `` a frequency band that humans can barely hear '' and uses a piezoelectric transducer available for about 500 yen per one It can send an attack signal to a smartphone via a table.
The actual movie that demonstrates SurfingAttack can be seen in the following movie.
SurfingAttack-YouTube
Google Pixel, Galaxy S7 and Xiaomi M15 are placed on the desk along with books, notebooks and stationery. The coin-sized element at the bottom right of the screen is the piezoelectric transducer.
When a voice command converted to ultrasonic waves was transmitted from the piezoelectric transducer, the screens of all smartphones were turned on and the voice assistant was activated.
Also, any voice command can be converted to ultrasonic waves by a PC and transmitted by a piezoelectric transducer. After sending a voice saying 'Shoot a selfie' ...
Despite no one touching, the smartphone activated the camera and began selfie shooting.
If you send the ultrasonic signal 'Take a selfie' many times, a selfie will be taken each time.
You can also adjust the volume of your smartphone ...
You can also have your voice assistant read out the SMS with the two-step verification code.
In addition, we succeeded in making any party make a call by voice operation.
According to the research team, the success of SurfingAttack was confirmed by Apple's iPhone 5 , iPhone 5s , iPhone 6+ , iPhone X , Google's Pixel , Pixel 2 , Pixel 3 , Motorola's Moto G5 , Moto Z4 , Samsung's Galaxy S7 , Galaxy S9 , Xiaomi's Mi 5 , Mi 8 , Mi 8 Lite , Huawei's Honor View 10 , and Mate 9 can all be operated with ultrasonic waves around 30kHz. Also, even if it is protected with a silicone rubber smartphone case, SurfingAttack passed.
SurfingAttack is reproduced on desks made of various materials such as metal, glass, plastic, etc.Since small and thin piezoelectric transducers can be hidden easily by laying a table cloth, it is a sufficiently realistic attack method The research team pointed out and listed the following six measures as measures.
・ Beware of devices placed on the desk
・ Reduce the contact area between desk and mobile phone
・ Place the smartphone on a soft cloth, etc. instead of placing it directly on the desk
・ Use a thick smartphone case made of rare materials such as wood
Turn off personal search results on lock screen on Android
・ Disable voice assistant on the lock screen and lock it whenever you put your smartphone
Related Posts:
