This devious cyberattack can target all your smart speakers without you realizing

The Apple HomePod Mini, Sonos One and the Amazon Echo (202) on a blue background
(Image credit: TechRadar)

Researchers from the University of Texas at San Antonio and the University of Colorado, Colorado Springs have discovered an alarming new cyberattack that can target your smart speakers, smartphones, tablets and more, without you even knowing.

The attack consists of an inaudible prompt that can be picked up by voice recognition technology to exploit a vulnerability and proceed with malicious activity, like downloading malware.

Fortunately, the vulnerability has been highlighted by researchers rather than actual cybercriminals, however unless Big Tech acts quickly, it may soon spread into a global cyberattack on a huge scale.

Inaudible smart speaker cyberattack

The attack, of which there are two variants, has been dubbed ‘Near-Ultrasound Inaudible Trojan’ (NUIT), and as its name suggests, it uses near-ultrasound waves to conduct a cyberattack.

NUIT-1 relies on a single device to transmit and receive the command, while NUIT-2 sees one device transmitting the message and any other IoTs nearby receiving.

While the human ear cannot detect near-ultrasound waves, smart speakers and voice assistants can. As such, there is virtually zero risk of exposure making it harder to detect whether our devices are being targeted.

The researchers describe how a short inaudible command, which measures 0.77 seconds, can be embedded into any number of legitimate media like YouTube videos and even Zoom calls.

Of the 17 popular devices tested by the researchers, Siri devices were found to have been the most secure with additional voice authentication measures to prevent other voices from accessing sensitive data, like smart home security systems and smart door locks.

More information is expected to be revealed at USENIX Security Symposium 2023 in August, however in the meantime TechRadar Pro has reached out to Apple, Google, and Amazon to find out what they may be doing to remedy the vulnerability.

TOPICS
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read more
Photograph of a hand holding a smartphone with two googly eyes
Every tap, every message – how to stop your smartphone spying on you
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Voice cloning
I cloned my voice in seconds using a free AI app, and we really need to talk about speech synthesis
Fraud
Hackers are tricking victims into scam-yourself attacks with fake tutorials, CAPTCHAs, and updates
Robotic hand clicking on captcha 'I am not a robot'.
Double clicking danger - experts warn just two clicks can let attackers steal your accounts
Find My app logo displayed on an iPhone 11 screen
This Find My exploit lets hackers track any Bluetooth device – here’s how you can stay safe
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over