28 September 2017
Hacking and hijacking devices have always been matters of concern but it seems that with progress in technology, the problem has become more persistent. Does the smartphone chip behind display hack ring a bell? As it turns out, a physical chip placed behind the screen of the phone can be used to hijack devices. This has now culminated into yet another service being hijacked, the voice command hijack. This one is even scarier as it can be used to hijack Amazon’s Alexa, Apple’s Siri, Google Assistant, as well as home help’s from Huawei and Samsung.
These devices can be simply hijacked using certain voice commands and can be used to order your smartphone to make calls, download malicious software, and even leak sensitive data. A demonstration was conducted by researchers from Zhejiang University who were easily able to take over gadgets like iPhones, Amazon Echo speaker, Samsung phones with Bixby and even computers powered by Windows 10 with Cortana.
All that they needed to do was turn voice commands into ultrasonic frequencies which can only be heard by mechanical devices and not by humans. The researchers were able to order an iPhone to "call 1234567890" and even instruct a MacBook and Nexus 7 to open a malicious URL. It seems like the fault lies on a hardware as well as a software level as the hardware can pick up these frequencies and software doesn’t seem to have been well-programmed to distinguish between human voices and computer generated noises.
The loophole remains in the fact that these frequencies can only be picked up if the source is a few inches away, however, one attack on the Apple Watch was possible from a few feet away. Software and security need to work in a better manner to protect gadgets and devices from such attacks.