SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Wave

SurfingAttack exploits ultrasonic guided wave propagating through solid-material tables to attack voice control systems. By leveraging the unique properties of acoustic transmission in solid materials, we design a new attack called SurfingAttack that would enable multiple rounds of interactions between the voice-controlled device and the attacker over a longer distance and without the need to be in line-of-sight. By completing the interaction loop of inaudible sound attack, SurfingAttack enables new attack scenarios, such as hijacking a mobile Short Message Service (SMS) passcode, making ghost fraud calls without owners' knowledge, etc.

Read the Paper, Cite

@inproceedings{yan2020surfingattack,
    author = {Yan, Qiben and Liu, Kehai and Zhou, Qin and Guo, Hanqing and Zhang, Ning},
    title = {SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Wave},
    booktitle={Network and Distributed Systems Security (NDSS) Symposium},
    year = {2020},
}

Team

SurfingAttack was discovered by the following team of academic researchers:

Contact us at surfingattack@gmail.com

Features

How does SurfingAttack work?

SurfingAttack modulates the voice command onto inaudible frequency band, and transmits attack signals using an off-the-shelf PZT transducer (cost $5 per piece) through different types of tables made of solid materials.

What devices can be compromised by the commands injected via SurfingAttack?

We validated successful SurfingAttack on the following devices, and we believe more devices could be vulnerable. The phones protected by silicone rubber phone cases are also vulnerable.

Manufacturer	Model	Os/Version	Best fc(kHz)
Google	Pixel	Android 10	28.2
Google	Pixel 2	Android 10	27.0
Google	Pixel 3	Android 10	27.0
Moto	G5	Android 7.0	27.0
Moto	Z4	Android 9.0	28.2
Samsung	Galaxy S7	Android 7.0	25.8
Samsung	Galaxy S9	Android 9.0	26.5
Xiaomi	Mi 5	Android 8.0	28.3
Xiaomi	Mi 8	Android 9.0	25.6
Xiaomi	Mi 8 Lite	Android 9.0	25.5
Huawei	Honor View 10	Android 9.0	27.7
Apple	iPhone 5	iOS 10.0.03	26.2
Apple	iPhone 5s	iOS 12.1.2	26.2
Apple	iPhone 6+	iOS 11	26.0
Apple	iPhone X	iOS 12.4.1	26.0

What can the attackers do?

⚑ Make fraud call using your phone.
⚑ Retrieve your SMS verification code.
⚑ Interact with your devices using the voice assistants.
⚑ And much more...

How do you defend against SurfingAttack?

★ Keep an eye on your devices placed on tabletops.
★ Reduce the touching surface area of your phones with the table.
★ Place the device on a soft woven fabric before touching the tabletops.
★ Use thicker phone cases made of uncommon materials such as wood.
★ Turn off lock screen personal results (or unlock with voice match) on Android.
★ Disable your Voice Assistant on lock screen, and lock your device when you put it down.