Researchers from various universities in the United States have revealed how to use Siri on the iPhone without attracting the attention of the owner device. The study includes several other voice assistants and several phone models, all at risk of this attack.
SurfingAttack, the use of inaccessible audio
The attack itself is based on a very simple system. The driving force ultrasonic sound waves by using a face, for example, a table, to activate the assistant without the owner's knowledge. The attack process is quite simple.
Using a piezoelectric interpreter (which converts electricity to broadband, wide strings) sent to the bottom of the table allows the waves to be transmitted. These waves captured by a microphone various devices, they, are active agents.
In order for the invasion to go unnoticed, the first command was sent to those present reduce the volume device, this way the following commands will not raise suspicions.
Then you can do it making phone calls, send messages, set reminders, calendar events, etc.
Possible attack but with many requirements
In the case of Siri, the assistant asks us to unlock our iPhone to fulfill the many requests we can make, he does not ask for all
The fact is that someone might order our iPhone to make a call, for example, a phone paid for their profit seems a long way off. And even though it's a long way off, it's not hard to imagine getting on our list of unique reminders after backing up our iPhone at the Starbucks table.
However, and to get through this direct attack and enter the physical access field on our device, we may need that Siri always ask to open
Aside from this particular attack, investigations revealed points to improve to increase the security of our devices. The easiest solution is to install a helper system in response to the loudness request. Something may have happened to a few before the publication of SirfingAttack.
Source | surfingattack.github.io (via Appleinsider).