[OPLIN 4cast] OPLIN 4Cast #595: The sound of another security headache for smart speakers
OPLIN Support
support at oplin.ohio.gov
Wed May 23 10:34:23 EDT 2018
Email not displaying correctly? View it in your browser.
<http://www.oplin.org/4cast/>
[image: OPLIN 4Cast]
OPLIN 4Cast #595: The sound of another security headache for smart speakers
May 23rd, 2018
[image: sound waveform] Audio viruses are not a new thing, although they
certainly haven't gotten the attention that other kinds of hacks and
malware have. As early as 2013
<https://www.extremetech.com/computing/171949-new-type-of-audio-malware-transmits-through-speakers-and-microphones>,
security researchers confirmed that it was possible to transfer malware via
a speaker and have it picked up via a microphone. However, there's now a
new target for these types of attacks: voice-activated assistants, like
Siri and Alexa. Vectors can be YouTube videos, radio shows and even TV
programs.
Some researchers believe it's possible to also hide attacks in music or
spoken text. Right now, there's no protection from what security experts
have dubbed "Dolphin Attack." However, practically speaking, there may not
be much danger in this...at least, not yet.
-
- Audio Virus is Coming?
<https://medium.com/level-up-web/audio-virus-is-coming-technical-writing-blog-d490aebf4e8b>
[Medium] " This situation carries a potential threat because someone can
make your phone call somebody, open websites or even buy something and
unlock the door of the smart home through the speech recognition systems."
- Inaudible ultrasound commands can be used to secretly control Siri,
Alexa, and Google Now
<https://www.theverge.com/2017/9/7/16265906/ultrasound-hack-siri-alexa-google>
[The Verge] "As with the rest of the research, this method is satisfyingly
clever, but a little too impractical to be a widespread danger. For a
start, for a device to pick up an ultrasonic voice command, the attacker
needs to be nearby — as in, no more than a few feet away. The attacks also
needs to take place in a fairly quiet environment."
- Hackers send silent commands to speech recognition systems with
ultrasound
<https://techcrunch.com/2017/09/06/hackers-send-silent-commands-to-speech-recognition-systems-with-ultrasound/>
[TechCrunch] "Security researchers in China have invented a clever way of
activating voice recognition systems without speaking a word. By using high
frequencies inaudible to humans but which register on electronic
microphones, they were able to issue commands to every major “intelligent
assistant” that were silent to every listener but the target device."
- ‘Dolphin Attack’ hides secret commands for Alexa and Siri inside music
<http://www.tampabay.com/news/nation/-Dolphin-Attack-hides-secret-commands-for-Alexa-and-Siri-inside-music_168132421>
[Tampa Bay Times] "With audio attacks, the researchers are exploiting the
gap between human and machine speech recognition. Speech-recognition
systems typically translate each sound to a letter, eventually compiling
those into words and phrases. By making slight changes to audio files,
researchers were able to cancel out the sound that the speech-recognition
system was supposed to hear and replace it with a sound that would be
transcribed differently by machines while being nearly undetectable to the
human ear."
*From the Ohio Web Library <http://ohioweblibrary.org>:*
- This Hack Can Take Over Amazon Echo or Google Home Devices
<http://proxy.ohiolink.edu:9099/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=125164551&site=ehost-live>
(Darrow, B. (2017). This Hack Can Take Over Amazon Echo or Google Home
Devices. *Fortune.Com*, 1.)
- Dolphin attack enables access to your smartphone via inaudible
ultrasonic commands
<http://proxy.ohiolink.edu:9099/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=nfh&AN=2W62858425950&site=ehost-live>
(Bhushan, K. (2017, September 8). Dolphin attack enables access to your
smartphone via inaudible ultrasonic commands. *Hindustan Times*.)
- How to...Hack-Proof Your Home
<http://proxy.ohiolink.edu:9099/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=nfh&AN=7EH130171513&site=ehost-live>
(HOW TO... HACK-PROOF YOUR HOME. (2017). *Sunday Times, The*, 27.)
------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:
- *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
subscribing to the following URL: http://www.oplin.org/4cast/
index.php/?feed=rss2.
- *Live Bookmark.* If you're using the Firefox web browser, you can go
to the 4cast website (http://www.oplin.org/4cast/) and click on the
orange "radio wave" icon on the right side of the address bar. In Internet
Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
feed.
- *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
http://lists.oplin.org/mailman/listinfo/OPLIN4cast
<http://lists.oplin.org/mailman/listinfo/OPLIN4cast>.
© 2018 Ohio Public Library Information Network
[image: Find us on Slideshare] <http://www.slideshare.net/oplin> [image:
Find us on Facebook] <http://www.facebook.com/oplin.org> [image: Find us
on Google+] <https://plus.google.com/107751358238995507967> [image: Find
us on Twitter] <http://www.twitter.com/oplin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20180523/991b5de1/attachment.html>
More information about the OPLIN4cast
mailing list