301.519.9237 exdirector@nesaus.org

3.9.20 – SSI – NEW YORK

Recent findings show that voice assistants can get hacked by using ultrasonic waves to imitate voice commands, according to Atlas VPN.

According to the latest Atlas VPN research, 75% of households in the United States will have a voice-assisted speaker by 2025. Recent findings also show that voice assistants can get hacked by using ultrasonic waves to imitate voice commands.

Ultrasonic waves do not make a sound, which means that voice-assisted speakers can be hacked without alerting the owner, according Atlas VPN, provider of a free VPN app.

Currently, voice-assisted speakers can be found in approximately 40% of homes in the U.S. It is estimated that the U.S. smart speaker market will almost double by 2025. In 2014, the devices were being used in .5% of U.S. households.

In February, a team of researchers hacked voice assistants on 15 of 17 popular smartphones. They tested both Apple (Siri) and Android (Google Assistant) devices.

The main findings, cited in the Atlas VPN press release, were:

Firstly, ultrasound can travel through solid surfaces to activate voice assistants. The waves are able to move through metal, wood, silicone rubber, and glass. In the experiment, the actual device transmitting ultrasonic waves was under the table, completely undetectable.

Yet, sensitive microphones can intercept and amplify the response sound. Hence, hackers could carry out the attack while the phone owner is completely unaware. Using this approach, researchers were able to read messages, take photos, and make calls on the victim’s device.

This raises security concerns, as some banks use message authentication to access the account. Overall, findings lead to many new hacking opportunities.

“The biggest issue with voice assistants,” says Rachel Welch, COO of Atlas VPN, “they are listening day and night. It is true that Siri or Google Assistant only answer when you mention their names. Yet, to detect when their names were mentioned, they have to listen continuously.”