Hackers Can Hijack Siri and Alexa With $3 Worth of Parts

Markets Motley Fool

Voice-activated digital assistants have become one of the more pervasive technologies in the world, found on nearly every smartphone, with Apple Inc.'s (NASDAQ: AAPL) Siri being one of the most well-known.

Continue Reading Below

Once restricted to phones, these virtual helpers can now be found on a wide variety of devices. Smart speakers like Amazon.com's (NASDAQ: AMZN) Echo and Alphabet Inc.'s (NASDAQ: GOOGL) (NASDAQ: GOOG) Google Home top the list. The technology is present in many home computers via Microsoft's (NASDAQ: MSFT) Cortana, and in an increasing number of cars, like the Audi (NASDAQOTH: AUDVF) Q3 with voice commands.

But hackers are hard at work trying to gain the upper hand in any computer technology, and voice control is high on their hit list.

The silent attack

While many methods employed by hackers require a user to make some error in judgement, like clicking a malicious link in a seemingly legitimate email, these latest attacks can be accomplished without any misstep from the user.

Researchers from China's Zhejiang University have reportedly discovered a way to hijack the most widely used voice-controlled devices using ultrasonic frequencies that are inaudible to human hearing, but can be detected by the microphones on your smartphone and other devices. Deploying a technique they called a "DolphinAttack," the team translated some of the most-used human voice commands into high frequencies -- above 20 kHz -- and then aimed them at smartphones, tablets, smart speakers, and even some in-car interfaces.

Continue Reading Below

In their recently published study, the researchers tested voice control agents from some of the biggest names in technology, testing 16 in all. Siri, Google Now, and Amazon's Alexa were all subjected to the experiment, as were Cortana, Audi voice command, and Samsung's (NASDAQOTH: SSNLF) S Voice.

The research team was able to use basic commands like "Hey, Siri" and "Alexa" to activate the devices, as well as successfully instructing iPhones to "call 1234567890" and an iPad to FaceTime the same number. They were able to convince Google Now to switch to airplane mode, and even successful at controlling the navigation system on the Audi. The hack was effective across every device tested, in a variety of languages.

The attacks were accomplished using a Samsung Galaxy S6 Edge smartphone, an ultrasonic transducer, a low-cost amplifier, and a battery. Excluding the smartphone, the cost of the parts necessary to build the hacking tool was less than $3.

Effective, but with limitations

There are certain limitations that currently restrict the effectiveness of the hijack. The hacking tool had a range of only five or six feet. Also, it was necessary for a user's device to be activated in order for the hacker's commands to be accepted, which is more likely with smart speakers than cellphones. The commands had limited effectiveness in noisy environments. And because digital assistants provide audible responses to voice requests, it's unlikely that these attacks would pass unnoticed.

Still, this research serves as a cautionary tale. Advances in technology come with limitations and new sets of vulnerabilities all their own.

Find out why Apple is one of the 10 best stocks to buy now

Motley Fool co-founders Tom and David Gardner have spent more than a decade beating the market. (In fact, the newsletter they run, Motley Fool Stock Advisor, has tripled the market!*)

Tom and David just revealed their ten top stock picks for investors to buy right now. Apple is on the list -- but there are nine others you may be overlooking.

Click here to get access to the full list!

*Stock Advisor returns as of November 6, 2017

John Mackey, CEO of Whole Foods Market, an Amazon subsidiary, is a member of The Motley Fool's board of directors. Suzanne Frey, an executive at Alphabet, is a member of The Motley Fool's board of directors. Teresa Kersten is an employee of LinkedIn and is a member of The Motley Fool's board of directors. LinkedIn is owned by Microsoft. Danny Vena owns shares of Alphabet (A shares), Amazon, and Apple. The Motley Fool owns shares of and recommends Alphabet (A shares), Alphabet (C shares), Amazon, and Apple. The Motley Fool has the following options: long January 2020 $150 calls on Apple and short January 2020 $155 calls on Apple. The Motley Fool has a disclosure policy.