It may sound like YouTube has been possessed, but the demonic sounds coming from the clip below are voice commands to access a smartphone's virtual assistant. Researchers have found an attack that uses 'hidden voice commands' embedded within YouTube videos that lets hackers prompt the assistant to perform a number of tasks. This attack lets hackers make phone calls, use Venmo to transfer money or, worse, download malware giving cyberthieves complete control of the handset. They placed an Android 10ft away from the speaker and the 'demonic sounds' said 'OK Google'.
Kitten videos are harmless, right? Except when they take over your phone. Researchers have found something new to worry about on the internet. It turns out that a muffled voice hidden in an innocuous YouTube video could issue commands to a nearby smartphone without you even knowing it. The researchers describe the threat in a research paper to be presented next month at the USENIX Security Symposium in Austin, Texas.
Over the last two years, academic researchers have identified various methods by which they can transmit hidden commands that are undetectable by the human ear to Apple's Siri, Amazon's Alexa, and Google's Assistant. According to a new report from The New York Times, scientific researchers have been able "to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites." This could, perhaps, allow cybercriminals to unlock smart-home doors, control a Tesla car via the app, access users' online bank accounts, load malicious browser-based cryptocurrency mining websites, and/or access all sorts of personal information. In 2017, Statista projected around 223 million people in the U.S. would be using a smartphone device, which accounts for roughly 84 percent of all mobile users. Of these 223 million smartphone users, around 108 million Americans are using the Android operating system, and some 90 million are using Apple's iOS (operating system).
Voice assistant technology is supposed to make our lives easier, but security experts say it comes with some uniquely invasive risks. Since the beginning of the year, multiple Nest security camera users have reported instances of strangers hacking into and issuing voice commands to Alexa, falsely announcing a North Korean missile attack, and targeting one family by speaking directly to their child, turning up their home thermostat to 90 degrees, and shouting insults. These incidents are alarming, but the potential for silent compromises of voice assistants could be even more damaging. Nest owner Google -- which recently integrated Google Assistant support into Nest control hubs -- has blamed weak user passwords and a lack of two-factor authentication for the attacks. But even voice assistants with strong security may be vulnerable to stealthier forms of hacking.
Researchers have devised a way to leverage YouTube to hack mobile devices. A team from the University of California, Berkeley, and Georgetown University has developed the means to compromise a mobile device using hidden voice commands embedded within a YouTube video. In order for the device to be attacked, the intended victim needs to do nothing more than watch the YouTube content. The researchers say on their project page that the hidden voice commands used by the attack are "unintelligible to human listeners but which are interpreted as commands by devices." The video does not even have to be watched on the target mobile device.