22 March 2023

New stealthy NUIT attack allows remote control of Siri, Alexa and other smart voice assistants



A team of academics from The University of Texas at San Antonio devised a new method that involves the use of inaudible sounds embedded in regular audio and video files to send malicious commands to voice assistants.

According to the researchers, the new attack, dubbed NUIT (Near-Ultrasound Inaudible Trojan), works on popular smart voice assistants like Siri, Google Assistant, Alexa or Amazon’s Echo and Microsoft Cortana.

To execute the NUIT attack, an attacker needs to trick the victim into listening to or watching malicious audio or video, for example, a YouTube video with embedded malicious commands, on either a laptop or a mobile device.

Signals can discreetly attack the microphone on the same device or infiltrate the microphone via speakers from other devices such as laptops, vehicle audio systems, and smart home devices.

“The sound of NUIT malicious commands will become inaudible, and it can attack your cell phone too and communicate with your Google Assistant or Alexa devices. It can even happen in Zooms during meetings. If someone unmutes themselves, they can embed the attack signal to hack your phone that’s placed next to your computer during the meeting,” the researchers said.

Once the threat actor has accessed the device, they can send inaudible action commands to reduce the device’s volume and prevent a voice assistant’s response from being heard by the user before proceeding with further attacks. For an attack to succeed, the speaker must be above a certain noise level, and the length of malicious commands must be below 77 milliseconds (or 0.77 seconds).

To avoid falling victim to such attacks, users can authenticate their voice assistants and exercise caution when clicking links and granting microphone permissions. Using earphones instead of speakers will also help, as it “sets a limitation where the sound from earphones is too low to transmit to the microphone. If the microphone cannot receive the inaudible malicious command, the underlying voice assistant can’t be maliciously activated by NUIT.”
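On the detection side, audio can be screened for short bursts dominated by near-ultrasound energy before it is played through a speaker. The sketch below is an added example, not code from the researchers or the original article; the 16–22 kHz band, the 0.5 energy threshold, the 4 ms frame size and the test clip are all assumptions constructed for illustration.

```python
import math

def band_ratio(frame, rate, lo_hz, hi_hz):
    """Fraction of a frame's energy inside [lo_hz, hi_hz], via Goertzel on each DFT bin."""
    n = len(frame)
    total = sum(x * x for x in frame)
    if total == 0.0:
        return 0.0
    k_lo = math.ceil(lo_hz * n / rate)
    k_hi = min(int(hi_hz * n / rate), (n - 1) // 2)   # stay below the Nyquist bin
    band = 0.0
    for k in range(k_lo, k_hi + 1):
        coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
        s1 = s2 = 0.0
        for x in frame:
            s1, s2 = x + coeff * s1 - s2, s1
        band += s1 * s1 + s2 * s2 - coeff * s1 * s2   # |X[k]|^2
    return 2.0 * band / (n * total)                   # Parseval, one-sided spectrum

def find_bursts(samples, rate, frame_len=192, lo_hz=16000, hi_hz=22000, threshold=0.5):
    """Return (start_s, duration_s) for each run of frames dominated by the band."""
    bursts, run_start, n_frames = [], None, len(samples) // frame_len
    for i in range(n_frames + 1):
        hot = i < n_frames and band_ratio(
            samples[i * frame_len:(i + 1) * frame_len], rate, lo_hz, hi_hz) > threshold
        if hot and run_start is None:
            run_start = i
        elif not hot and run_start is not None:
            bursts.append((run_start * frame_len / rate, (i - run_start) * frame_len / rate))
            run_start = None
    return bursts

def constructed_clip(rate=48000):
    """Constructed sample: 0.5 s of a 440 Hz tone with a 19 kHz burst from 0.2 s to 0.3 s."""
    clip = []
    for i in range(rate // 2):
        x = 0.3 * math.sin(2 * math.pi * 440 * i / rate)
        if rate // 5 <= i < 3 * rate // 10:
            x += 0.6 * math.sin(2 * math.pi * 19000 * i / rate)
        clip.append(x)
    return clip

if __name__ == "__main__":
    for start, duration in find_bursts(constructed_clip(), 48000):
        print(f"near-ultrasound burst at {start:.3f}s lasting {duration:.3f}s")
```

A real screening tool would decode the media file to PCM first and tune the band and threshold against the playback hardware in use.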

