Researchers from the University of Texas at San Antonio and the University of Colorado, Colorado Springs have discovered an alarming new cyberattack that can target your smart speakers, smartphones, tablets and more, without you even knowing.
The attack consists of an inaudible prompt that can be picked up by voice recognition technology to exploit a vulnerability and proceed with malicious activity, like downloading malware.
Fortunately, the vulnerability has been highlighted by researchers (opens in new tab) rather than actual cybercriminals, however unless Big Tech acts quickly, it may soon spread into a global cyberattack on a huge scale.
Inaudible smart speaker cyberattack
The attack, of which there are two variants, has been dubbed ‘Near-Ultrasound Inaudible Trojan’ (NUIT), and as its name suggests, it uses near-ultrasound waves to conduct a cyberattack.
NUIT-1 relies on a single device to transmit and receive the command, while NUIT-2 sees one device transmitting the message and any other IoTs nearby receiving.
While the human ear cannot detect near-ultrasound waves, smart speakers and voice assistants can. As such, there is virtually zero risk of exposure making it harder to detect whether our devices are being targeted.
The researchers describe how a short inaudible command, which measures 0.77 seconds, can be embedded into any number of legitimate media like YouTube videos and even Zoom calls.
Of the 17 popular devices tested by the researchers, Siri devices were found to have been the most secure with additional voice authentication measures to prevent other voices from accessing sensitive data, like smart home security systems and smart door locks.
More information is expected to be revealed at USENIX Security Symposium 2023 in August, however in the meantime TechRadar Pro has reached out to Apple, Google, and Amazon to find out what they may be doing to remedy the vulnerability.