"Uncovering the Unheard: Researchers Reveal Inaudible Remote Cyber-Attacks on Voice Assistant Devices"
Guenevere Chen, an associate professor at the University of Texas at San Antonio, has recently published a paper that demonstrates a novel inaudible voice Trojan attack to exploit vulnerabilities contained by smart device microphones and voice assistants, such as Siri, Google Assistant, Alexa or Amazon's Echo, and Microsoft Cortana. The paper also provides defense mechanisms for users. The Near-Ultrasound Inaudible Trojan (NUIT) was developed to explore how hackers exploit speakers and attack voice assistants remotely and secretly over the Internet. Chen, her doctoral student Qi Xia, and Shouhuai Xu, a computer science professor at UCCS, used NUIT to attack various smart devices, including smartphones and smart home devices. The findings of their demonstrations indicate that NUIT is capable of maliciously controlling the voice interfaces of widely used technology products. Chen highlighted that social engineering is the most common method used by hackers to access devices. Attackers lure targets into installing malicious apps, browsing malicious websites, or listening to malicious audio files. For example, a person's smart device becomes vulnerable when they view a malicious YouTube video containing NUIT audio or video attacks. Signals can secretly attack the microphone on the same device or infiltrate the microphone through speakers from other devices such as laptops, car audio systems, and smart home devices. When hackers gain unauthorized access to a device, they can send inaudible action commands to reduce a device's volume and prevent a voice assistant's response from being heard by the user before launching additional attacks. This article continues to discuss the demonstrated NUIT attack.