Could ‘demonic voices’ take over YOUR phone? Listen to the terrifying hidden audio messages that can hijack smart assistants

  • Hack can embed hidden voice commands in YouTube videos 
  • Tests shows Android 10ft away from speaker playing malicious commands 
  • Commands sound demonic and are rarely understood by humans
  • Can make phones calls, take pictures, transfer money and more
  • Can make assistant download malware to control entire smartphone 

It may sound like YouTube has been possessed, but the demonic sounds coming from the clip below are voice commands to access a smartphone’s virtual assistant.

Researchers have found an attack that uses ‘hidden voice commands’ embedded within clips that lets hackers prompt the assistant to perform a number of tasks.

This attack lets hackers make phone calls, use Venmo to transfer money or worse, download malware giving cyberthieves complete control of the handset.

Scroll down for videos

 Researchers have found an attack that uses ‘hidden voice commands’ embedded within YouTube videos that lets hackers prompt the assistant to perform a number of tasks. They placed an Android 10ft away from the speaker and the ‘demonic sounds’ said ‘OK Google’The bizarre hack was discovered by a group of Ph.D candidates at Georgetown and the University of California, Berkley, which found the commands are ‘unintelligible to human listeners but which are interpreted as commands by devices’.’Voice command systems are becoming ubiquitous,’ notes Micah Sherr, a computer science department professor who worked with colleagues Clay Shields and Wenchao Zhou on the project.’The attack we envision as most feasible is that someone has a YouTube video of kittens or something popular and in the background, there’s something that says, open a URL.’ ‘This introduces an opportunity for attackers to try to issue unauthorized voice commands to these devices.’

In order for you to become a victim, you just have to listen to a malicious YouTube clip via your smartphone or have it nearby – researchers placed the device 10.1 feet away from the speakers and it was hacked.

And when successful, the hacker can take control of your phone by making phones call, using Venmo to transfer money or access other personal information, reports Vocativ.

‘Voice interfaces are becoming more ubiquitous and are now the primary input method for many devices,’ the researchers wrote.

‘We explore in this paper how they can be attacked with hidden voice commands that are unintelligible to human listeners but which are interpreted as commands by devices.’

Another instance, which may be more damaging, would let cybertheives open websites and download malware – letting them have full control of the device.

In order for you to become a victim, you just have to listen to a malicious YouTube clip via your smartphone or have it nearby – researchers placed the device 10.1 feet away from the speakers and it was hacked

‘So a possible scenario could be that a million people watch a kitten video, and 10,000 of them have their phones nearby and 5,000 of those phones obey the attacker’s voice commands and load a URL with malware on it,’ Sherr says.

‘Then you have 5,000 smartphones under an attacker’s control.’

The team used their knowledge about how speech recognition systems work to construct audio recordings that can be understood as speech by computers but lack the necessary resolution for human comprehension.

‘We learned that if you remove those parts and keep everything else, you get something that a computer can still understand but the human brain cannot,’ Sherr explains.

During their work, the team discovered that it is easy to change voice commands in a way that are nearly unrecognizable by humans, but still prompt the phone to do a task.

When successful, the hacker can take control of your phone by making phones call, using Venmo to transfer money or access other personal information. Cybertheives can also open websites and download malware – letting them have full control of the device

When successful, the hacker can take control of your phone by making phones call, using Venmo to transfer money or access other personal information. Cybertheives can also open websites and download malware – letting them have full control of the device

The results were condensing the words into a demonic growl.

‘Ok Google, Open XKCD.com,’ the voice says, and a nearby phone opens that URL.

And humans in the study could only understand ‘Ok Google’ 20 percent of the time, whereas the Android device in the experimental video executed the command 95 percent of the time.

The team also offered some solutions’

‘We then evaluate several defenses, including notifying the user when a voice command is accepted; a verbal challenge-response protocol; and a machine learning approach that can detect our attacks with 99.8% accuracy.’

http://www.dailymail.co.uk/embed/video/1221560.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s