Hacking an iPhone or any Android phone from 30 ft away via ultrasonic waves

Methods to compromise the security of mobile devices keep evolving. This time, vulnerability testing specialists at the University of Washington unveiled a new variant of smartphone attack based on the use of ultrasonic waves. While this is not a new method, the report details a much more effective variant.

This team of researchers discovered that ultrasonic waves can spread across multiple solid surfaces to initiate a device’s voice recognition systems. In addition, using various hardware components (affordable for any user) it is possible to listen to the response of the target smartphone.

During their research, experts were able to send voice commands and get response from various iOS and Android smartphone models from a location close to that of device owners. In other words, vulnerability testing specialists managed to control these devices from afar. While ultrasonic waves are out of reach for human ear, the microphone of any smartphone is able to register them. According to Ning Zhang, a member of the research team, “anyone who knows how to manipulate these signals is capable of tricking a smartphone into passing the waves like a voice command.”

Most of tested models are vulnerable to this attack variant

The purpose of the tests carried out by the experts was to manipulate a smartphone placed on a table, for which other elements were required. To complete the experiment, the researchers placed a microphone and a piezoelectric transducer (used to convert electricity into ultrasonic waves). In addition, on the other side of this table, it was placed a device capable of generating different forms of waves. Once all the necessary components were ready, the experts deployed two different attack variants, explained below.

EXTRACTING A PIN SENT VIA SMS

Vulnerability testing specialists proved able to retrieve an access code sent to the target smartphone via SMS. The exploitation of this flaw was based on the ability of any voice assistant to access the content of a text message, in addition to the use of two-factor authentication (2FA).  

The researchers (in the role of attackers) asked the target smartphone to set the volume at level 3, as at this level it is practically inaudible to users, considering the ambient sound. The attackers subsequently sent a test message emulating legitimate SMSs sent by banks to verify their user’s identity.

The attack depends on the voice assistant activation

When the message arrived at the device, the attackers activated the command “Read My Messages” to access the SMS content, intercepting the smartphone’s response with the microphone and sending it to the attackers.

MAKE A FRAUDULENT CALL

In the second attack tested, the researchers managed to make a call by sending the command “call Sam with the speaker” to the target device, which in effect triggered a phone call. Using the microphone, vulnerability testing researchers managed to have a conversation with “Sam”, a randomly chosen name.

Tests were conducted on 17 different smartphone models, including some of the most popular ones, such as the iPhone and Samsung Galaxy. Of the test group, only two devices proved non-vulnerable to this attack variant.

ULTRASONIC WAVES AND DISPLACEMENT SURFACES

The researchers not only analyzed various smartphone models, but also took their time to test the ability of ultrasonic waves to move across different surfaces, demonstrating that the attack is equally functional in wood, metals and glass surfaces. In addition, they concluded that the attack is possible even at distances of up to 30ft. Other variables, such as using a smartphone case or placing objects around the target smartphone, also slightly alter the viability of the attack.   

While exploiting these weaknesses in the wild is complex and even unlikely, it’s worth that manufacturers take this possibility into account and implement some additional security measures. According to the International Institute of Cyber Security (IICS), the implementation of software that distinguishes between ultrasonic signals and the user’s voice could completely mitigate the risk of exploiting these flaws, although such a protective measure could be available only for the next generation of smartphones.