New research from Washington University in St. Louis expands the scope of vulnerability that ultrasonic waves pose to cellphone security. These waves, the researchers found, can propagate through many solid surfaces to activate voice recognition systems and—with the addition of some cheap hardware—the person initiating the attack can also hear the phone's response. The results were presented Feb. 24 at the Network and Distributed System Security Symposium in San Diego. The research team also included researchers from Michigan State University, the University of Nebraska-Lincoln and the Chinese Academy of Sciences. The success of the "surfing attack," as it's called in the paper, highlights the less-often discussed link between the cyber and the physical.
Ultrasonic waves are sound waves in a frequency that is higher than humans can hear. Cellphone microphones, however, can and do record these higher frequencies. If you know how to play with the signals, you can get the phone such that when it interprets the incoming sound waves, it will think that you are saying a command. To test the ability of ultrasonic waves to transmit these "commands" through solid surfaces, the research team set up a host of experiments that included a phone on a table. Attached to the bottom of the table was a microphone and a piezoelectric transducer (PZT), which is used to convert electricity into ultrasonic waves. On the other side of the table from the phone, ostensibly hidden from the phone's user, is a waveform generator to generate the correct signals.
The team ran two tests, one to retrieve an SMS (text) passcode and another to make a fraudulent call. The first test relied on the common virtual assistant command "read my messages" and on the use of two-factor authentication, in which a passcode is sent to a user's phone—from a bank, for instance—to verify the user's identity. The attacker first told the virtual assistant to turn the volume down to Level 3. At this volume, the victim did not notice their phone's responses in an office setting with a moderate noise level. Then, when a simulated message from a bank arrived, the attack device sent the "read my messages" command to the phone. The response was audible to the microphone under the table, but not to the victim. In the second test, the attack device sent the message "call Sam with speakerphone," initiating a call. Using the microphone under the table, the attacker was able to carry on a conversation with "Sam."
The team tested 17 different phone models, including popular iPhones, Galaxy and Moto models. All but two were vulnerable to ultrasonic wave attacks. Ultrasonic waves made it through metal, glass and wood. Ultrasonic wave attacks also worked on plastic tables, but not as reliably. They also tested different table surfaces and phone configurations. They tried placing the phone in different positions, changing the orientation of the microphone. They placed objects on the table in an attempt to dampen the strength of the waves. It still worked. Even at distances as far as 30 feet. Phone cases only slightly affected the attack success rates. Placing water on the table, potentially to absorb the waves, had no effect. Moreover, an attack wave could simultaneously affect more than one phone.
The team suggested some defense mechanisms that could protect against such an attack. One idea would be the development of phone software that analyzes the received signal to discriminate between ultrasonic waves and genuine human voices. Changing the layout of mobile phones, such as the placement of the microphone, to dampen or suppress ultrasound waves could also stop a surfing attack. There's a simple way to keep a phone out of harm's way of ultrasonic waves: the interlayer-based defense, which uses a soft, woven fabric to increase the "impedance mismatch." In other words, put the phone on a tablecloth.
https://techxplore.com/news/2020-02-surfing-hacks-siri-google-ultrasonic.html
Ultrasonic waves are sound waves in a frequency that is higher than humans can hear. Cellphone microphones, however, can and do record these higher frequencies. If you know how to play with the signals, you can get the phone such that when it interprets the incoming sound waves, it will think that you are saying a command. To test the ability of ultrasonic waves to transmit these "commands" through solid surfaces, the research team set up a host of experiments that included a phone on a table. Attached to the bottom of the table was a microphone and a piezoelectric transducer (PZT), which is used to convert electricity into ultrasonic waves. On the other side of the table from the phone, ostensibly hidden from the phone's user, is a waveform generator to generate the correct signals.
The team ran two tests, one to retrieve an SMS (text) passcode and another to make a fraudulent call. The first test relied on the common virtual assistant command "read my messages" and on the use of two-factor authentication, in which a passcode is sent to a user's phone—from a bank, for instance—to verify the user's identity. The attacker first told the virtual assistant to turn the volume down to Level 3. At this volume, the victim did not notice their phone's responses in an office setting with a moderate noise level. Then, when a simulated message from a bank arrived, the attack device sent the "read my messages" command to the phone. The response was audible to the microphone under the table, but not to the victim. In the second test, the attack device sent the message "call Sam with speakerphone," initiating a call. Using the microphone under the table, the attacker was able to carry on a conversation with "Sam."
The team tested 17 different phone models, including popular iPhones, Galaxy and Moto models. All but two were vulnerable to ultrasonic wave attacks. Ultrasonic waves made it through metal, glass and wood. Ultrasonic wave attacks also worked on plastic tables, but not as reliably. They also tested different table surfaces and phone configurations. They tried placing the phone in different positions, changing the orientation of the microphone. They placed objects on the table in an attempt to dampen the strength of the waves. It still worked. Even at distances as far as 30 feet. Phone cases only slightly affected the attack success rates. Placing water on the table, potentially to absorb the waves, had no effect. Moreover, an attack wave could simultaneously affect more than one phone.
The team suggested some defense mechanisms that could protect against such an attack. One idea would be the development of phone software that analyzes the received signal to discriminate between ultrasonic waves and genuine human voices. Changing the layout of mobile phones, such as the placement of the microphone, to dampen or suppress ultrasound waves could also stop a surfing attack. There's a simple way to keep a phone out of harm's way of ultrasonic waves: the interlayer-based defense, which uses a soft, woven fabric to increase the "impedance mismatch." In other words, put the phone on a tablecloth.
https://techxplore.com/news/2020-02-surfing-hacks-siri-google-ultrasonic.html
No comments :
Post a Comment