<div dir="ltr"><div><div class="m_802698248659131545gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<table class="m_802698248659131545backgroundTable" bgcolor="#ffffff" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" valign="top">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top:0px solid rgb(0,0,0);border-bottom:1px solid rgb(255,255,255);background-color:rgb(255,255,255);text-align:center" align="center"><span style="font-size:10px;color:rgb(96,96,96);line-height:200%;font-family:verdana;text-decoration:none">Email not displaying correctly? <a href="http://www.oplin.org/4cast/" style="font-size:10px;color:rgb(0,0,255);line-height:200%;font-family:verdana;text-decoration:none" target="_blank">View it in your browser.</a></span></td>
</tr>
<tr>
<td style="border-top:0px solid rgb(51,51,51);border-bottom:0px solid rgb(255,255,255);background-color:rgb(255,255,255)">
<center><a><img id="m_802698248659131545editableImg1" src="http://www.oplin.org/4cast/wp-content/themes/unlimited/assets/images/4cast_email_header.png" title="OPLIN" alt="OPLIN 4Cast" align="middle" border="0"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width:763px;height:877px" bgcolor="#ffffff" cellpadding="20" cellspacing="0">
<tbody>
<tr>
<td style="font-size:12px;color:rgb(0,0,0);line-height:150%;font-family:'Gothic Sans',sans-serif" bgcolor="#ffffff" valign="top">
<p> <span style="font-size:20px;font-weight:bold;color:rgb(0,0,0);font-family:arial;line-height:110%">OPLIN 4Cast #595: The sound of another security headache for smart speakers</span><br>
<span style="font-size:11px;font-weight:normal;color:rgb(102,102,102);font-style:italic;font-family:arial">May 23rd, 2018</span></p>
<p style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><img align="left" class="m_802698248659131545alignleft m_802698248659131545size-full m_802698248659131545wp-image-6101" src="https://4cast.oplin.org/wp-content/uploads/2018/05/Fotolia_141249904_XS.jpg" alt="sound waveform" width="130" height="94" style="padding-right:14px;padding-top:4px;padding-bottom:4px"> Audio viruses are not a new thing, although they certainly haven't gotten the attention that other kinds of hacks and malware have. As early as <a href="https://www.extremetech.com/computing/171949-new-type-of-audio-malware-transmits-through-speakers-and-microphones" target="_blank">2013</a>, security researchers confirmed that it was possible to transfer malware via a speaker and have it picked up via a microphone. However, there's now a new target for these types of attacks: voice-activated assistants, like Siri and Alexa. Vectors can be YouTube videos, radio shows and even TV programs. <br><br>Some researchers believe it's possible to also hide attacks in music or spoken text. Right now, there's no protection from what security experts have dubbed "Dolphin Attack." However, practically speaking, there may not be much danger in this...at least, not yet.</p><ul>
<li style="list-style-type:none">
</li><li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="https://medium.com/level-up-web/audio-virus-is-coming-technical-writing-blog-d490aebf4e8b" target="_blank">Audio Virus is Coming?</a> [Medium] " This situation carries a potential threat because someone can make your phone call somebody, open websites or even buy something and unlock the door of the smart home through the speech recognition systems."</li>
<li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="https://www.theverge.com/2017/9/7/16265906/ultrasound-hack-siri-alexa-google" target="_blank">Inaudible ultrasound commands can be used to secretly control Siri, Alexa, and Google Now</a> [The Verge] "As with the rest of the research, this method is satisfyingly clever, but a little too impractical to be a widespread danger. For a start, for a device to pick up an ultrasonic voice command, the attacker needs to be nearby — as in, no more than a few feet away. The attacks also needs to take place in a fairly quiet environment."</li>
<li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="https://techcrunch.com/2017/09/06/hackers-send-silent-commands-to-speech-recognition-systems-with-ultrasound/" target="_blank">Hackers send silent commands to speech recognition systems with ultrasound</a> [TechCrunch] "Security researchers in China have invented a clever way of activating voice recognition systems without speaking a word. By using high frequencies inaudible to humans but which register on electronic microphones, they were able to issue commands to every major “intelligent assistant” that were silent to every listener but the target device."</li>
<li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="http://www.tampabay.com/news/nation/-Dolphin-Attack-hides-secret-commands-for-Alexa-and-Siri-inside-music_168132421" target="_blank">‘Dolphin Attack’ hides secret commands for Alexa and Siri inside music</a> [Tampa Bay Times] "With audio attacks, the researchers are exploiting the gap between human and machine speech recognition. Speech-recognition systems typically translate each sound to a letter, eventually compiling those into words and phrases. By making slight changes to audio files, researchers were able to cancel out the sound that the speech-recognition system was supposed to hear and replace it with a sound that would be transcribed differently by machines while being nearly undetectable to the human ear."</li>
</ul>
<div style="text-align:left"> </div>
<p style="text-align:left;font-size:20px;font-family:arial;line-height:110%"><small><strong><em>From the <a href="http://ohioweblibrary.org" target="_blank">Ohio Web Library</a>:</em></strong></small><br>
</p>
<div style="text-align:justify;font-size:16px;font-family:arial;line-height:110%">
<ul> <li><a href="http://proxy.ohiolink.edu:9099/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=125164551&site=ehost-live" target="_blank"><span style="color:#3a3a3a"><span style="background-color:#d5d5d5"></span></span>This Hack Can Take Over Amazon Echo or Google Home Devices</a> (Darrow, B. (2017). This Hack Can Take Over Amazon Echo or Google Home Devices. <i>Fortune.Com</i>, 1.)</li> <li><a href="http://proxy.ohiolink.edu:9099/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=nfh&AN=2W62858425950&site=ehost-live" target="_blank">Dolphin attack enables access to your smartphone via inaudible ultrasonic commands</a> (Bhushan, K. (2017, September 8). Dolphin attack enables access to your smartphone via inaudible ultrasonic commands. <i>Hindustan Times</i>.)</li> <li><a href="http://proxy.ohiolink.edu:9099/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=nfh&AN=7EH130171513&site=ehost-live" target="_blank">How to...Hack-Proof Your Home</a> (HOW TO... HACK-PROOF YOUR HOME. (2017). <i>Sunday Times, The</i>, 27.)</li>
</ul>
</div>
<div style="text-align:left"> </div>
</td>
</tr>
<tr>
<td valign="top" width="760"><span style="font-size:10px;color:rgb(96,96,96);line-height:100%;font-family:verdana"> <hr>
<div style="text-align:justify">The <strong><em>OPLIN 4cast</em></strong> is a weekly compilation of recent headlines, topics, and trends that could impact public libraries. You can subscribe to it in a variety of ways, such as: <br>
</div>
<div style="text-align:left"> </div>
<ul>
<li style="text-align:justify"><strong>RSS feed.</strong> You can receive the OPLIN 4cast via RSS feed by subscribing to the following URL: <a href="http://www.oplin.org/4cast/index.php/?feed=rss2" target="_blank">http://www.oplin.org/4cast/<wbr>index.php/?feed=rss2</a>.</li>
<li style="text-align:justify"><strong>Live Bookmark.</strong> If you're using the Firefox web browser, you can go to the 4cast website (<a href="http://www.oplin.org/4cast/" target="_blank">http://www.oplin.org/4cast/</a>) and click on the orange "radio wave" icon on the right side of the address bar. In Internet Explorer 7, click on the same icon to view or subscribe to the 4cast RSS feed.</li>
<li style="text-align:justify"><strong>E-mail.</strong> You can have the OPLIN 4cast delivered via e-mail (a'la OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at <a href="http://lists.oplin.org/mailman/listinfo/OPLIN4cast" target="_blank">http://lists.oplin.org/<wbr>mailman/listinfo/OPLIN4cast</a>.</li>
</ul> </span> </td>
</tr>
<tr>
<td style="text-align:center;font-family:'Century Gothic',sans-serif;border-top:0px solid rgb(255,255,255);background-color:#2c4587;color:#fff" valign="top" width="760">© 2018 Ohio Public Library Information Network<br> <a href="http://www.slideshare.net/oplin" title="Find us on Slideshare" target="_blank"><img src="http://www.oplin.org/4cast/wp-content/themes/unlimited/assets/images/slideshare3.png" alt="Find us on Slideshare"></a> <a href="http://www.facebook.com/oplin.org" title="Find us on Facebook" target="_blank"><img src="http://www.oplin.org/4cast/wp-content/themes/unlimited/assets/images/facebook_0.png" alt="Find us on Facebook"></a> <a href="https://plus.google.com/107751358238995507967" title="Find us on Google+" target="_blank"><img src="http://www.oplin.org/4cast/wp-content/themes/unlimited/assets/images/google+.png" alt="Find us on Google+"></a> <a href="http://www.twitter.com/oplin" title="Find us on Twitter" target="_blank"><img src="http://www.oplin.org/4cast/wp-content/themes/unlimited/assets/images/twitter_0.png" alt="Find us on Twitter"></a> </td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div></div></div></div></div></div></div>
</div>