SurfingAttack exploits ultrasonic guided wave propagating through solid-material tables to attack voice control systems. By leveraging the unique properties of acoustic transmission in solid materials, we design a new attack called SurfingAttack that would enable multiple rounds of interactions between the voice-controlled device and the attacker over a longer distance and without the need to be in line-of-sight. By completing the interaction loop of inaudible sound attack, SurfingAttack enables new attack scenarios, such as hijacking a mobile Short Message Service (SMS) passcode, making ghost fraud calls without owners’ knowledge, etc.
SurfingAttack modulates the voice command onto inaudible frequency band, and transmits attack signals using an off-the-shelf PZT transducer (cost $ 5 per piece) through different types of tables made of solid materials.
What devices can be compromised by the commands injected via SurfingAttack?
We validated successful SurfingAttack on the following devices, and we believe more devices could be vulnerable. The phones protected by silicone rubber phone cases are also vulnerable.
|Pixel||Android||. 2||Pixel 2||Android||.0||Pixel 3||Android||.0||(Moto)||G5||Android 7.0||.0||(Moto)||Z4||Android 9.0||. 2||Samsung||Galaxy S7||Android 7.0||. 8||Samsung||Galaxy S9||Android 9.0||. 5||Xiaomi||Mi 5||Android 8.0||. 3||Xiaomi||Mi 8||Android 9.0||. 6||Xiaomi||Mi 8 Lite||Android 9.0||. 5||Huawei|| Honor View
|| Android 9.0
|| 7. Huawei
|| Mate 9 )
|| Android 8.0
|| . 0
|| iPhone 5
|| .0. 11
|| . 2
|| iPhone 5s
|| 1.2 1.2
|| . 2
|| iPhone 6
|| .0 Apple
|| iPhone X
|| . 4.1
ft long distance attack on a large Aluminum metal plate
SurfingAttack on metal plate with different thicknesses
SurfingAttack on glass plate with different thicknesses
SurfingAttack under other scenarios
GIPHY App Key not set. Please check settings