When you think of hacking, you tend to think of computers or phones being broken into over the internet. What doesn't tend to spring to mind is hackers using inaudible ultrasonic waves to take control of a digital assistant which can in turn be used to control your smartphone.
But this is precisely what a team of researchers at Washington University in St Louis have been able to do. They have devised an advanced method of hacking called SurfingAttack. It takes advantage of the fact that while humans can't hear ultrasonic tones, many smartphones can.
- Smart cars could be hijacked via AI hacking
- Emotet can now hack Wi-Fi networks
- Thousands of WordPress sites hacked in scam campaign
The attack works by transferring ultrasonic waves through the surface of a table, and it is effective from up to 30 feet away, depending on the type of surface the phone is placed upon. While this is not the sort of distance that would allow for what would ordinarily be considered remote attacks, the fact that they can be carried out in a way which is very difficult to detect is cause for concern.
The attack has been tested on a total of 17 different handsets, and was successful on 15 of them – including various models of iPhone, and handsets phones from Google, Motorola, Samsung and Xiaomi. The transmitted ultrasonic waves were used to call Google Assistant and Siri into action, and to execute tasks such as taking selfies, place calls, retrieve codes from text messages in order to bypass two-factor authentication, and much more.
You can see SurfingAttack in action in the video below:
Keep yourself safe
While SurfingAttack sounds scary – particularly considering it can be executed silently – there is really no reason to be worried. At the moment, there is no suggest that the attack is being actively used, and the conditions under which it is effective are fairly narrow, and the equipment required to generate signals is not only fairly expensive, but also rather cumbersome and obvious.
Nonetheless the team who devised SurfingAttack suggest the following tips to keep your phone safe:
- Keep an eye on your devices placed on tabletops
- Reduce the touching surface area of your phones with the table
- Place the device on a soft woven fabric before touching the tabletops
- Use thicker phone cases made of uncommon materials such as wood
- Turn off lock screen personal results (or unlock with voice match) on Android
- Disable your Voice Assistant on lock screen, and lock your device when you put it down
You can read more about SurfingAttack here (opens in new tab).
- Keep yourself safe with the best antivirus software
Via Vice (opens in new tab)