A group of researchers from Michigan State University, the University of Nebraska-Lincoln, Washington University and the Chinese Academy of Sciences demonstrated how a $5 hack could be used to compromise iPhones, Samsung Galaxy and Pixel phones. The hack involves attacking the voice assistants of smartphones using ultrasonic waves that aren’t audible to human ears.
The attack dubbed “SurfingAttack” was successfully demonstrated on Apple’s Siri, Samsung’s Bixby and Google Assistant and researchers were able to unlock devices, read 2FA codes from text messages, attend calls and even take selfies.
How does SurfingAttack Works?
SurfingAttack delivers a range of inaudible voice commands in ultrasound to target devices via different solid media. The attack exploits micro-electro-mechanical-systems (MEMS) which is the microphone technology deployed in most of the smartphones.
To demonstrate the attack, researchers used a special type of ultrasonic transducer called piezoelectric (PZT) transducer which costs merely $5. The transducer generates ultrasonic waves by inducing minor vibrations of the solid material.
Researchers attached the transducer to the underside of a table. When the target device is kept close to the transducer the ultrasonic signals can be transmitted to it.
It was found that SurfingAttack works flawlessly when the distance between the target smartphone and the transducer is as close as 50cm. However, when multiple transducers are used across the table, the range of the attack can be amplified.
Which devices are vulnerable to SurfingAttack?
Publishing the details of the attack on a website, the researchers have successfully executed SurfingAttack on the following devices:
- Google Pixel
- Google Pixel 2
- Google Pixel 3
- Moto G5
- Moto Z4
- Samsung Galaxy S7
- Samsung Galaxy S9
- Xiaomi Mi5
- Xiaomi Mi8
- Xiaomi Mi8 Lite
- Huawei Honor View 10
- iPhone 5
- iPhone 5s
- iPhone 6+
- iPhone X
You can disable the voice assistant on the lock screen and turn off lock screen personal results on your device to evade the attack. For more details on SurfingAttack, you can refer to this research paper.