Security researchers from the Zhejiang University have found a way to activate digital personal assistants with sound that is inaudible to the human ear. Their method is called Dolphin Attack and it uses voice commands on frequencies that humans can’t hear but that are caught by microphones in smartphones.
Dolphin Attack can be used to activate digital assistants like Apple’s Siri, Microsoft’s Cortana, Samsung’s Bixby, Google’s Assistant and Amazon’s Alexa. By giving commands like ‘Call 1234567890’, the smartphone can be controlled.
However, the software can also be abused for more serious attacks. E.g when a virtual assistant is coupled to a smart door lock, the lock can be unlocked without the victim noticing.
According to the researchers, every popular digital assistant takes commands given in the higher frequencies. They also state that they think it will be hard for tech companies to make their software not listen to commands in those frequencies, because ultrasonic sound is used to couple devices. E.g Chromecast listens for high frequencies to identify smartphones.
The companies who develop digital assistants haven’t responded to the findings of the researchers.