22 March 2023

New stealthy NUIT attack allows remote control of Siri, Alexa and other smart voice assistants



A team of academics from The University of Texas at San Antonio devised a new method that involves the use of inaudible sounds embedded in regular audio and video files to send malicious commands to voice assistants.

According to the researchers, the new attack, dubbed NUIT (Near-Ultrasound Inaudible Trojan), works on popular smart voice assistants like Siri, Google Assistant, Alexa or Amazon’s Echo and Microsoft Cortana.

To execute the NUIT attack, an attacker needs to trick the victim into listening to or watching malicious audio or video, for example, a YouTube video with embedded malicious commands, on either a laptop or a mobile device.

Signals can discreetly attack the microphone on the same device or infiltrate the microphone via speakers from other devices such as laptops, vehicle audio systems, and smart home devices.

“The sound of NUIT malicious commands will become inaudible, and it can attack your cell phone too and communicate with your Google Assistant or Alexa devices. It can even happen in Zooms during meetings. If someone unmutes themselves, they can embed the attack signal to hack your phone that’s placed next to your computer during the meeting,” the researchers said.

Once the threat actor has accessed the device, they can send inaudible action commands to reduce the device’s volume and prevent the voice assistant’s response from being heard by the user before proceeding with further attacks. The speaker must be above a certain noise level to successfully allow an attack, and the length of malicious commands must be below 77 milliseconds (or 0.77 seconds).

To avoid falling victim to such attacks, users can authenticate their voice assistants and exercise caution when clicking links and granting microphone permissions. Using earphones instead of speakers will also help, as it “sets a limitation where the sound from earphones is too low to transmit to the microphone. If the microphone cannot receive the inaudible malicious command, the underlying voice assistant can’t be maliciously activated by NUIT.”
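A defender-side check for the technique described above, added here as an example and not taken from the researchers or the original article: it scans decoded PCM audio frame by frame and flags frames where an unusual share of the energy sits in a near-ultrasound band. The 16-22 kHz band, the 48 kHz sample rate, the 10 ms frame and the 20% threshold are assumptions, since the article gives no figures, and the sample signals are constructed.

```python
import cmath
import math

SAMPLE_RATE = 48_000        # assumption: capture rate high enough to represent the band
FRAME = 480                 # 10 ms frames, i.e. 100 Hz per DFT bin
BAND_HZ = (16_000, 22_000)  # assumption: "near-ultrasound" range; the article gives none
RATIO_ALERT = 0.2           # assumption: alert when >20% of frame energy is in the band

def band_ratio(frame):
    """Fraction of one frame's energy inside BAND_HZ (direct DFT plus Parseval)."""
    n = len(frame)
    total = sum(s * s for s in frame)
    if total == 0:
        return 0.0
    lo, hi = (f * n // SAMPLE_RATE for f in BAND_HZ)
    band = 0.0
    for k in range(lo, hi + 1):
        step = cmath.exp(-2j * math.pi * k / n)
        acc, tw = 0j, 1 + 0j
        for s in frame:
            acc += s * tw
            tw *= step
        band += abs(acc) ** 2
    # A real signal mirrors each bin, hence the factor 2; Parseval divides by n.
    return min(1.0, 2 * band / (n * total))

def flag_frames(samples):
    """Return (start_ms, ratio) for every frame exceeding RATIO_ALERT."""
    hits = []
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        ratio = band_ratio(samples[i:i + FRAME])
        if ratio > RATIO_ALERT:
            hits.append((i * 1000 // SAMPLE_RATE, round(ratio, 2)))
    return hits

def tone(freq_hz, ms, amp):
    """Constructed test signal: a plain sine tone, not a voice command."""
    count = SAMPLE_RATE * ms // 1000
    return [amp * math.sin(2 * math.pi * freq_hz * t / SAMPLE_RATE) for t in range(count)]

# Constructed sample input: 100 ms of audible 1 kHz audio, and a copy with an
# 18 kHz component mixed in between 40 ms and 70 ms.
clean = tone(1_000, 100, 0.5)
mixed = list(clean)
for j, s in enumerate(tone(18_000, 30, 0.5)):
    mixed[1920 + j] += s  # 1920 samples = 40 ms at 48 kHz
```

Calling `flag_frames(mixed)` reports the three 10 ms frames that carry the 18 kHz component, while `flag_frames(clean)` reports nothing.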

