Silent commands in YouTube videos can hack your mobile

By on
Silent commands in YouTube videos can hack your mobile

Hidden voice commands embedded in a YouTube video can trigger mobile devices to download malware and alter configuration settings, according to ZDNet.

A team made up of researchers from the University of California, Berkeley, and Georgetown University, have created a technique capable of compromising a mobile device via voice commands embedded into a YouTube video.

The signal is imperceptible to viewers, but is able to trigger commands within a nearby device, whether a laptop, computer, smart TV, smartphone or tablet. On Apple systems, Siri receives the message and on Android systems, Google Now interprets the signal.

In attempting to warn of the risks inherent in increasingly ubiquitous voice interfaces, the researchers note how "an attacker uses the speech recognition system as an opaque oracle".

The incursion could enable attackers to issue instructions to any nearby mobile device to initiate a download of malware or adjust configuration settings, which could then lead to a compromise of the device and the possibility of surveillance.

A similar strategy was employed in October 2015 when a team at ANSSI, the French computer security agency, demonstrated a hack capable of controlling a mobile device from as far away as 4.9 metres. In that demonstration, radio commands were sent to the voice control systems used in both Apple and Google's personal assistants.

On their project page, the US researchers demonstrating the YouTube hack provide some defenses, particularly alerting a user when a voice command is accepted, a verbal challenge-response protocol, and a machine-learning process capable of detecting the attacks.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

How do you feel about Telstra's new services play?
Telstra has become a direct threat - we'll only work with other carriers
We can live with this - we'll still use Telstra networks
This is an opportunity for us - customers liked working with Telstra's sub-brands
This changes nothing - Telstra was always a competitor
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?