in ,

SurfingAttack: New Attack on Voice Assistants Using Ultrasonic Guided Wave, Hacker News

SurfingAttack exploits ultrasonic guided wave propagating through solid-material tables to attack voice control systems. By leveraging the unique properties of acoustic transmission in solid materials, we design a new attack called SurfingAttack that would enable multiple rounds of interactions between the voice-controlled device and the attacker over a longer distance and without the need to be in line-of-sight. By completing the interaction loop of inaudible sound attack, SurfingAttack enables new attack scenarios, such as hijacking a mobile Short Message Service (SMS) passcode, making ghost fraud calls without owners’ knowledge, etc.

Read the Paper , Cite

  • How does SurfingAttack work?
  • SurfingAttack modulates the voice command onto inaudible frequency band, and transmits attack signals using an off-the-shelf PZT transducer (cost $ 5 per piece) through different types of tables made of solid materials.

    What devices can be compromised by the commands injected via SurfingAttack?

  • We validated successful SurfingAttack on the following devices, and we believe more devices could be vulnerable. The phones protected by silicone rubber phone cases are also vulnerable.

  • Manufacturer



    Os / Version

    Best fc (kHz)    Google



         Pixel      Android . 2    Google      Pixel 2      Android .0    Google      Pixel 3      Android .0    (Moto)      G5      Android 7.0 .0    (Moto)      Z4      Android 9.0 . 2    Samsung      Galaxy S7      Android 7.0 . 8    Samsung Galaxy S9 Android 9.0 . 5 Xiaomi      Mi 5      Android 8.0 . 3    Xiaomi      Mi 8      Android 9.0 . 6    Xiaomi      Mi 8 Lite      Android 9.0 . 5    Huawei      Honor View

  • Android 9.0 7.    Huawei      Mate 9 )      Android 8.0 . 0    Apple      iPhone 5      iOS .0. 11 . 2    Apple      iPhone 5s
    iOS 1.2 1.2 . 2    Apple      iPhone 6
  • .0    Apple      iPhone X      iOS . 4.1 .0   

      What can the attackers do?

    • Make fraud call using your phone.
    • ⚑ Retrieve your SMS verification code.
    • ⚑ Interact with your devices using the voice assistants.
    • much And much more …
  • How do we defend against SurfingAttack?
  • ★ Keep an eye on your devices placed on tabletops.
  • ★ Reduce the touching surface area of ​​your phones with the table.
  • ★ Place the device on a soft woven fabric before touching the tabletops.
  • ★ Turn off lock screen personal results.
  • ★ Use thicker phone cases made of uncommon materials such as wood. SurfingAttack demonstration Unnoticeable SurfingAttack in a realistic scenario (SurfingAttack system including a metal sheet or a glass sheet with attack device is hidden under a tablecloth)

    Mi 8

  • 400

    ft long distance attack on a large Aluminum metal plate

    SurfingAttack on metal plate with different thicknesses

    SurfingAttack on glass plate with different thicknesses

    SurfingAttack under other scenarios

     Read More  

    What do you think?

    Leave a Reply

    Your email address will not be published.

    GIPHY App Key not set. Please check settings

    China's Tariff Cut on $ 75B in U.S. Imports A Stock Market Tailwind, Crypto Coins News

    China's Tariff Cut on $ 75B in U.S. Imports A Stock Market Tailwind, Crypto Coins News

    Chip Industry Had Worst Sales Year Since Dot-Com Bubble Burst, Hacker News