Coindesk Logo

A New Ultrasonic Hack Can Exploit Your Siri

A New Ultrasonic Hack Can Exploit Your Siri

A New Ultrasonic Hack Can Exploit Your Siri

A new hack called a SurfingAttack uses ultrasonic guided waves to communicate with a device through the voice assistant.

A new hack called a SurfingAttack uses ultrasonic guided waves to communicate with a device through the voice assistant.

A new hack called a SurfingAttack uses ultrasonic guided waves to communicate with a device through the voice assistant.

AccessTimeIconApr 7, 2020, 8:01 PM
Updated Aug 19, 2021, 1:40 AM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Researchers are sounding the alarm about a new type of hack focused on smart digital assistants like the Amazon Alexa or Apple's Siri.

The hack, called a "SurfingAttack," uses ultrasonic guided waves that are imperceptible to the human ear to communicate with a device through the voice assistant. It could be used to target Ring services with door deadbolts attached or move the temperature dial on your thermostat.

Security researchers who developed the attack say it enables multiple rounds of interactions between a voice-controlled device and attackers over relatively long distances and without the need for the device to be within sight. It could even be conducted through a heavy surface, like a table.

“Humans cannot hear anything, but the voice assistants will interpret these ultrasonic sounds as a voice command, and conduct certain operations because of it,” said Qiben Yan, an assistant professor at Michigan State University’s Secure and Intelligent Things Lab, who was the lead investigator on the project. “Sending the commands to the voice assistance, we can basically control the voice assistant. There's a lot of opportunities for this when people put their phones down on a table and leave them unattended.”

Yan said hackers could launch conversations with a victim's contacts, and depending on how connected their devices are, potentially control home devices, lock or unlock a car or front door, or alter the thermometer. Such attacks could also impact two factor authentication, by reading the security code sent via text back to the hacker. 

Using a $5 off-the-shelf PZT transducer, a type of electroacoustic transducer, the researchers were able to successfully compromise the following devices. 

Table of phones that researchers compromised.

They believe that more devices could be vulnerable, including  phones protected by silicone rubber phone cases. 

There are steps people can take to prevent such attacks though. Disabling the voice assistance when your phone is locked, or making sure your phone is on a covering such as a tablecloth, can stop the ultrasonic ways from affecting it. Using phone cases of uncommon materials like wood can also help. 

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.