'Surfing Attack' Hacks Siri, Google With Ultrasonic Waves
upstart writes in with an IRC submission for Bytram:
Attacks on cell phones aren't new, and researchers have previously shown that ultrasonic waves can be used to deliver a single command through the air.
However, new research from Washington University in St. Louis expands the scope of vulnerability that ultrasonic waves pose to cellphone security. These waves, the researchers found, can propagate through many solid surfaces to activate voice recognition systems and -- with the addition of some cheap hardware -- the person initiating the attack can also hear the phone's response.
The results were presented Feb. 24 at the Network and Distributed System Security Symposium in San Diego.
"We want to raise awareness of such a threat," said Ning Zhang, assistant professor of computer science and engineering at the McKelvey School of Engineering. "I want everybody in the public to know this."
Zhang and his co-authors were able to send "voice" commands to cellphones as they sat inconspicuously on a table, next to the owner. With the addition of a stealthily placed microphone, the researchers were able to communicate back and forth with the phone, ultimately controlling it from afar.
[...] Zhang said the success of the "surfing attack," as it's called in the paper, highlights the less-often discussed link between the cyber and the physical. Often, media outlets report on ways in which our devices are affecting the world we live in: Are our cellphones ruining our eyesight? Do headphones or earbuds damage our ears? Who is to blame if a self-driving car causes an accident?
"I feel like not enough attention is being given to the physics of our computing systems," he said. "This is going to be one of the keys in understanding attacks that propagate between these two worlds."
The team suggested some defense mechanisms that could protect against such an attack. One idea would be the development of phone software that analyzes the received signal to discriminate between ultrasonic waves and genuine human voices, Zhang said. Changing the layout of mobile phones, such as the placement of the microphone, to dampen or suppress ultrasound waves could also stop a surfing attack.
But Zhang said there's a simple way to keep a phone out of harm's way of ultrasonic waves: the interlayer-based defense, which uses a soft, woven fabric to increase the "impedance mismatch."
In other words, put the phone on a tablecloth.
Read more of this story at SoylentNews.