This devious cyberattack can target all your smart speakers without you realizing

The Apple HomePod Mini, Sonos One and the Amazon Echo (202) on a blue background
(Image credit: TechRadar)

Researchers from the University of Texas at San Antonio and the University of Colorado, Colorado Springs have discovered an alarming new cyberattack that can target your smart speakers, smartphones, tablets and more, without you even knowing.

The attack consists of an inaudible prompt that can be picked up by voice recognition technology to exploit a vulnerability and proceed with malicious activity, like downloading malware.

Fortunately, the vulnerability has been highlighted by researchers rather than actual cybercriminals, however unless Big Tech acts quickly, it may soon spread into a global cyberattack on a huge scale.

Inaudible smart speaker cyberattack

The attack, of which there are two variants, has been dubbed ‘Near-Ultrasound Inaudible Trojan’ (NUIT), and as its name suggests, it uses near-ultrasound waves to conduct a cyberattack.

NUIT-1 relies on a single device to transmit and receive the command, while NUIT-2 sees one device transmitting the message and any other IoTs nearby receiving.

While the human ear cannot detect near-ultrasound waves, smart speakers and voice assistants can. As such, there is virtually zero risk of exposure making it harder to detect whether our devices are being targeted.

The researchers describe how a short inaudible command, which measures 0.77 seconds, can be embedded into any number of legitimate media like YouTube videos and even Zoom calls.

Of the 17 popular devices tested by the researchers, Siri devices were found to have been the most secure with additional voice authentication measures to prevent other voices from accessing sensitive data, like smart home security systems and smart door locks.

More information is expected to be revealed at USENIX Security Symposium 2023 in August, however in the meantime TechRadar Pro has reached out to Apple, Google, and Amazon to find out what they may be doing to remedy the vulnerability.

TOPICS
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read more
Photograph of a hand holding a smartphone with two googly eyes
Every tap, every message – how to stop your smartphone spying on you
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Voice cloning
I cloned my voice in seconds using a free AI app, and we really need to talk about speech synthesis
Fraud
Hackers are tricking victims into scam-yourself attacks with fake tutorials, CAPTCHAs, and updates
Robotic hand clicking on captcha 'I am not a robot'.
Double clicking danger - experts warn just two clicks can let attackers steal your accounts
Find My app logo displayed on an iPhone 11 screen
This Find My exploit lets hackers track any Bluetooth device – here’s how you can stay safe
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
Data leak
Hacked Tata Technologies data leaked by ransomware gang
Latest in News
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
A graphic of the PC Gaming Show
Get ready for a bounty of PC games on June 8, as the PC Gaming show is back
A close up of The Daily podcast from Pocket Casts' web page
‘Podcasting shouldn’t be locked behind walled gardens’: Pocket Casts slams Spotify and makes its web player free to all
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps
Forget AI – WhatsApp is planning a simple messages feature that could be its most useful upgrade in years
NordicTrack Ultra 1
The new NordicTrack Ultra 1 treadmill looks like it was designed by an architect and costs $15,000
An Nvidia GeForce RTX 5070
Nvidia RTX 5080 stock is so barren that retailers are holding competitions where you can "win" the right to buy one for MSRP