Audio Hack Poses Security Risk
12 September 2017 - 14:52 by David Aiken
A new threat faces consumers as a result of the rise of voice-controlled digital assistants, according to research carried out in China and the US.
BBC News reports that experts were able to exploit the digital assistants offered by Amazon, Google and Apple simply by playing high frequency audio, enabling them to take control of devices without physically being in contact with them.
This could enable hackers to hijack accounts and steal personal data from smart speakers and mobile phones, causing chaos and compromising normal security solutions.
It is possible to achieve this by increasing the frequency of the ‘wake words’ which these assistants rely upon to detect when they are needed. In the case of Amazon’s Echo speaker, the wake word is ‘Alexa’ and by broadcasting it ultrasonically the service becomes active and will then respond to further commands.
It was proven that after the assistants had been compromised, hackers could then use the device to visit malicious websites and enable viruses to be installed remotely. On mobile devices, forcing the phone to call a specific number was achievable, which could open consumers up to all types of problems.
It is expected that this type of attack will be counteracted by companies like Amazon through software patches, allowing speakers and mobile to ignore any commands which come in frequencies outside those of normal human speech. So consumers should be able to carry out safe shopping online without worrying about whether anyone else has hacked their digital assistant.
Another preventative measure which could be taken in the future will involve a hardware change, with researchers suggesting that manufacturers should swap in microphones which explicitly eliminate audio in higher frequencies.
A statement issued by Amazon said that security was a priority for the retailer and that it was in the process of considering the findings of both research teams to ensure that its customers can enjoy safe shopping online in any scenario.