Cybersecurity experts have shown how to hack a smartphone using voice commands from YouTube
A team of researchers from the University of California at Berkeley and the University of Georgetown (DC) clearly demonstrated that hacking a smartphone or other mobile device remotely is quite possible with the help of voice commands broadcast via the YouTube video channel.
According to experts, in order to gain access to the management of the gadget, the user need only to view the video. Hidden voice commands, which may contain a video, elusive to the ear of the viewer, but are perceived by mobile devices.
The researchers focused on the fact that the video does not have to be viewed on the smartphone screen: the hacker can reach the goal “from the outside” when an unsuspecting user watches YouTube videos on any neighboring device - laptop, computer, smart TV, etc. This voice command will still be able to reach the phone, after which it will be hacked.
')
Hacking on the described scenario are subject to both mobile devices on IOS, and on Android. By accepting a voice command, which for the user is perceived as an incoherent set of sounds or is not audible at all, the electronic assistant of Google Now or Siri gives the command to follow the link and download malicious software.
Thus, while the user is watching the video on his computer or TV, his smartphone can execute commands from the attacker. A successful attack will allow hackers to gain remote access to a mobile device, download malware to a smartphone, spoof configuration settings, acquire confidential user data, etc. At the same time, additional noise may sound in the video itself, so the user will not even understand what is happening if you do not accidentally look at the smartphone.
According to experts, to protect the owner of a mobile device from such a threat with a probability of more than 99.8% will allow the activation on the device of the option to deliver notifications to receive and execute voice commands.
This is not the first case of hacking smartphones through the popular video hosting platform. Earlier, employees of the University of Texas talked about the possibility of hacking a smartphone on Android when identifying the owner. In the unlock field, it was enough to enter the maximum number of characters, after which the OS gave an error and the lock was removed. For the “breach” in the protection of smartphones on Android, a group of researchers from Texas received a cash reward from the developers. However, this time, none of the leading mobile device manufacturers have yet commented on the current situation.
zdnet.com
pdf version with detailed description of the method and experiment
That's all with you was Dronk.Ru. Do not forget to return money for purchases in China and subscribe to our blog , there will be many more interesting things.
We recommend:
- Save up to 8% on every purchase on AliExpress and other online stores in China
- Why do online stores give money for purchases?
- Return your money - Choose a cashback service for Aliexpress
- The history of the development of Dronk.ru - from choosing quadcopters to returning money for purchases on AliExpress and not only
- The best cashback service or 5 main criteria for evaluating cashback service
According to experts, in order to gain access to the management of the gadget, the user need only to view the video. Hidden voice commands, which may contain a video, elusive to the ear of the viewer, but are perceived by mobile devices.
The researchers focused on the fact that the video does not have to be viewed on the smartphone screen: the hacker can reach the goal “from the outside” when an unsuspecting user watches YouTube videos on any neighboring device - laptop, computer, smart TV, etc. This voice command will still be able to reach the phone, after which it will be hacked.
')
Hacking on the described scenario are subject to both mobile devices on IOS, and on Android. By accepting a voice command, which for the user is perceived as an incoherent set of sounds or is not audible at all, the electronic assistant of Google Now or Siri gives the command to follow the link and download malicious software.
Thus, while the user is watching the video on his computer or TV, his smartphone can execute commands from the attacker. A successful attack will allow hackers to gain remote access to a mobile device, download malware to a smartphone, spoof configuration settings, acquire confidential user data, etc. At the same time, additional noise may sound in the video itself, so the user will not even understand what is happening if you do not accidentally look at the smartphone.
According to experts, to protect the owner of a mobile device from such a threat with a probability of more than 99.8% will allow the activation on the device of the option to deliver notifications to receive and execute voice commands.
This is not the first case of hacking smartphones through the popular video hosting platform. Earlier, employees of the University of Texas talked about the possibility of hacking a smartphone on Android when identifying the owner. In the unlock field, it was enough to enter the maximum number of characters, after which the OS gave an error and the lock was removed. For the “breach” in the protection of smartphones on Android, a group of researchers from Texas received a cash reward from the developers. However, this time, none of the leading mobile device manufacturers have yet commented on the current situation.
zdnet.com
pdf version with detailed description of the method and experiment
That's all with you was Dronk.Ru. Do not forget to return money for purchases in China and subscribe to our blog , there will be many more interesting things.
We recommend:
- Save up to 8% on every purchase on AliExpress and other online stores in China
- Why do online stores give money for purchases?
- Return your money - Choose a cashback service for Aliexpress
- The history of the development of Dronk.ru - from choosing quadcopters to returning money for purchases on AliExpress and not only
- The best cashback service or 5 main criteria for evaluating cashback service
Source: https://habr.com/ru/post/396079/
All Articles