Siri and Alexa can hear more than you can—and that's a problem.
You may have thought that you'd be able to hear any rogue attempts to control your increasingly powerful voice assistant. But it turns out that the hardware and algorithms used to control devices like Amazon's Echo speaker or Apple's Siri can actually hear commands issued via ultrasound, which is above the range of human hearing.
Researchers at Zhejiang University in China have shown that they can encode commands in high frequency sound that are still recognized by voice assistants. They take a regular human voice and use it to modulate an ultrasound signal—much like the way music can be encoded onto radio waves. Turns out, the mic on devices like an iPhone or Amazon Echo speaker can still detect the sound, and their signal-processing software also picks up the voice signals encoded on the wave.
The researchers say that they have been able to activate Siri to initiate a FaceTime call on an iPhone, command Google Now to switch a phone to airplane mode, and even control the navigation system of an Audi. The same trick also works on Cortana and Alexa, too.
It's worth pointing out that this isn't the most surprising of attacks. Researchers have already shown that microphones and speakers on smartphones can be repurposed to send and receive ultrasound. So really it was just a case of finding out if the software responded to signals hidden on high-frequency sound. Clearly, they do.
It's easy enough for manufacturers to safeguard against such attacks by making tweaks to either hardware or software. But given that a sound source needs to be just a couple of meters away from your device for the hack to work in practice, there might not be much need. You either have an intruder in your property or another hacked device in your home playing rogue sound—so you likely have larger concerns than what Alexa is doing right now.
Everything dies, including information
Digitization can help stem the tide of entropy, but it won’t stop it.
Moving money in a digital world
Security is the critical element to expanding digital-first payments.
Cyber resilience melds data security and protection
Organizations face pervasive and sophisticated cyberattacks, but modern data protection techniques can provide a multifaceted defense.
A new age of disaster recovery planning for SMEs
How cybersecurity threats have morphed, why SMEs need to plan for disaster recovery, and what they should do about it.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.