Silent commands in YouTube videos can hack your mobile

By on
Silent commands in YouTube videos can hack your mobile

Hidden voice commands embedded in a YouTube video can trigger mobile devices to download malware and alter configuration settings, according to ZDNet.

A team made up of researchers from the University of California, Berkeley, and Georgetown University, have created a technique capable of compromising a mobile device via voice commands embedded into a YouTube video.

The signal is imperceptible to viewers, but is able to trigger commands within a nearby device, whether a laptop, computer, smart TV, smartphone or tablet. On Apple systems, Siri receives the message and on Android systems, Google Now interprets the signal.

In attempting to warn of the risks inherent in increasingly ubiquitous voice interfaces, the researchers note how "an attacker uses the speech recognition system as an opaque oracle".

The incursion could enable attackers to issue instructions to any nearby mobile device to initiate a download of malware or adjust configuration settings, which could then lead to a compromise of the device and the possibility of surveillance.

A similar strategy was employed in October 2015 when a team at ANSSI, the French computer security agency, demonstrated a hack capable of controlling a mobile device from as far away as 4.9 metres. In that demonstration, radio commands were sent to the voice control systems used in both Apple and Google's personal assistants.

On their project page, the US researchers demonstrating the YouTube hack provide some defenses, particularly alerting a user when a voice command is accepted, a verbal challenge-response protocol, and a machine-learning process capable of detecting the attacks.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

What's your top marketing tactic for 2020?
Long lunches with customers and prospects
Content marketing to drive website visits
Social media
More use of CRM
Word of mouth
Online ads
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?