It is currently 24-09-2017 15:09

In the normal videos on youtube, you can hide malicious voice commands

In the normal videos on youtube, you can hide malicious voice commands

by sigismund » 2016-07-11 22:38:59



Seven researchers from the University of California, Berkeley and Georgetown presented the attack, in which an ordinary video embed hidden voice commands can harm nearby gadgets.

In the fall of 2015 a group of researchers from the French National security Agency information systems (ANSSI) has suggested to use voice assistants Siri or Google Now to compromise user devices. Then the researchers proved that the hidden messages that will "hear" only the machine can be conveyed through radio signals. The only requirement to implement such an attack is necessary to change headphone Jack on the victims ' devices to be connected, in fact, headphones. They will perform as an antenna.

A new study is reminiscent of the idea of the French. Experts have proposed to embed hidden voice commands in the video and then post it on any popular video hosting, for example, on YouTube. While playing this movie the human ear in most cases will not notice anything suspicious, whereas Siri and Google Now will filter the audio stream of a voice command, which will hasten to perform.



Below you can see a video demonstration of the attack. The video shows clearly that all depends on the chosen method of distortion of the command. So, in some cases, the voice commands are absolutely indistinguishable, whereas in other cases, the distorted words it is possible to disassemble. Note: before watching the demo it is necessary to disable voice recognition on your smartphone.

__tps://youtu.be/HvZAZFztlO0

According to researchers, this technique can be used for ordinary drawings, and to perform malicious actions. For example, such command may equally well contain order to search something in Google, or the instructions for downloading and installing malware.

To protect against this type of attack can be useful to the user notification of the accepted voice command and type "question-answer" requiring verbal human intervention.

On the official website of the project you can read about the research method in more detail. __tp://www.hiddenvoicecommands.com/
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5