Voices outside the range of human hearing can be used to manipulate your phone without any need for traditional hacking.
Using a technique known as a “Dolphin Attack,” prospective invaders simply increase the frequency of a voice command over the 20,000hz threshold of human hearing, and then play it through another phone’s amplifier. For less than three dollars in parts, a phone can relay voice commands to your device beyond your physical ability to perceive.
This is not a new way to hack your phone. Attacks such as this merely exploit the glaring vulnerability in the microphones with which just about every modern device is equipped. Siri, Google Assistant, Samsung S Voice and Alexa, across a multitude of devices, are all equally vulnerable.
The microphones listen to frequencies beyond human hearing to reinforce their ability to understand language, and separate it from surrounding noise. Some also use the ability for ultrasonic pairing with other devices. The easiest and most obvious solution would be to simply restrict devices from following voice-specific commands given outside the range of human hearing. Why such a thing is not already implemented is a question that none of these companies have yet answered.
Testers were able to command strangers’ phones to “open the back door,” call specific numbers, or go to websites. Fortunately, the realistic range for such an attack is no more than five or six feet. Further, your device will respond as if it was hearing your voice, producing the typical sounds and behavior in response. Still, the efficacy of this method of invasion is only held back for the moment, by better amplification.
Who responds, and how, will show very clearly which companies most value our privacy. Though, considering the way companies like Apple and Google use your data, you probably shouldn’t get your hopes up.
Follow Nate Church @Get2Church on Twitter for the latest news in gaming and technology, and snarky opinions on both.