ESET, a security company, introduced Surfingattack, an attack method that illegally operates the smartphone's audio assistant function with ultrasound.There is a risk of reading messages, calling, and shooting.
テーブルに置いたスマホの音声アシスタントを超音波で不正操作(出典:研究チーム)This attack method was verified and announced by the Chinese Academy of Science, Michigan State University, Lincoln's School of Nebraskan, and the University of Washington at St. Louis.Experiment with multiple smartphones and succeeded in attacking with Google, Apple, Motorola, Samsung Electronics, Xiaomi Technology (Xiaomi), Huawei Technologies (Huawei Technologies).
実験で攻撃に成功したスマホ(出典:研究チーム)
In the experiment, the top plate was sent to a smartphone placed on a table made of hard materials such as glass, metal, wood, and plastic, and a ultrasonic signal that could not be heard by humans from a pilot electroof material attached to the back of the top plate.By propagating the modulated audio command at this signal, it was possible to operate the smartphone's voice assistant function without being noticed.With this method, you can attack from a place where you can see it to some extent.
As a way to prevent attacks, the research team does not keep an eye on the smartphone placed on the table, reduces the area in which smartphones come into contact with the table, puts a smartphone on a soft cloth, and has a voice command in an Android smartphone.The measures were to be used to turn off the effective "Voice Match" function, and to attach a cover of unusual materials such as wooden on a smartphone.
Of the smartphones used in the experiment, two models, "Huawei Mate 9" and "Samsung Galaxy Note 10+", did not respond to the attack.The research team believes the effects of the structure and material of both models.
Surfingattack introduction video (Source: YouTube)