SC Magazine: Hidden voice commands could hijack smartphones

July 13 — Hidden voice commands could hijack smartphones

Ryan Wilk, VP at NuData Security comments in this SC Magazine article, discussing how users should ensure that voice recognition is not set to ‘always on’.

Security researchers have discovered a way of hiding voice commands in online videos that could take control of smartphones and tablets.

In a paper, researchers described how a voice recognition feature, such as Google Now, Siri or Cortana can be abused. In a YouTube video, the researchers demonstrated a proof-of-concept attack against an Android smartphone.

Ryan Wilk, director at NuData Security, told SC that users should ensure that voice recognition is not set to ‘always on’.

“It would be wise to disable voice commands for very sensitive functions such as logging into bank accounts, and it’s a good idea to review the voice detection in your settings. i.e.: Disable ‘Trusted Voice’ to unlock your phone,” he said.

“According to the study, users can be alerted to some extent by enabling ‘beep’, ‘buzz’ and ‘light show’ notifications telling you that voice commands have been accepted. While they say hackers may be able to mask these, enabling notifications may provide at least some early warning that all is not well if you pay attention to them. Setting up confirmation notifications of voice commands could also defend against these attacks, however, may impact the initial purpose of using voice recognition, to begin with.”

For the complete article, go here.