How A Simple YouTube Voice Command can Hack Your Smartphone

YouTube voice command

This is the age of the smartphone. We all have our smartphone device in our pocket. Wherever we go, our smart device goes with us. Because it’s that much important in our daily life. How important? Well, you can consider our smartphone as a handheld personal computer. So, are you following the safety measures the same as you do for your computer? Know how to behave and know what the internet security tips are? Nowadays, you can do almost everything via mobile phone. Today, I will tell you something about a new kind of threat. YouTube voice command attack.

Let’s say for example instant messaging, emailing, video calling, live TV streaming, live chatting, GPS and much more. Android and iOS both are the leading smartphones operating system in current days. As the number of the smartphone user is increasing, the number of smartphone malware attacks are also increasingly high which is not good news for any of us.

We all know what mobile malware is. Malware is the malicious software which is able to get the accessibility into your device to steal data and control your device remotely. There are many types of malware that had various effects on your device. There is new threat is romancing around, and this is not a total malware.

It is very astonishing fact that a covert voice command can hack your device, and that voice command can be hidden within YouTube videos. According to ZDNet, some YouTube video has embedded voice command that can trigger your smartphone to download malware or malicious apps.

A team of technicians from the Georgetown University and the University of California has found a way that can penetrate a smartphone devices security systems via voice command. This signal is entirely imperceptible to the user, but this command can trigger any nearby device like smartphone, tablet, desktop computer and even laptop.

This signal can be interpreted by Google Now on any Android devices and for the iOS, Siri can receive the following signal. In the latest Android and iPhone device, this voice command system is a new feature. If you ever lose your phone in your messy bedroom or office room, you can find them through the voice command. Just speak “Okay Google” for the Android and “Het Siri” for iPhone. 

What Researchers are saying about YouTube Voice Command?

The researchers have published the how a voice command can hack a mobile device through a YouTube video,“We explore in this paper how they can be attacked with hidden voice commands that are unintelligible to human listeners but which are interpreted as commands by devices.

White and Black Box

We evaluate these attacks under two different threat models.” states the introduction of the project. “In the black-box model, an attacker uses the speech recognition system as an opaque oracle. We show that the adversary can produce difficult to understand commands that are effective against existing systems in the black-box model.

Under the white-box model, the attacker has full knowledge of the internals of the speech recognition system and uses it to create attack commands that we demonstrate through user testing are not understandable by humans. We then evaluate several defenses, including notifying the user when a voice command is accepted; a verbal challenge-response protocol; and a machine learning approach that can detect our attacks with 99.8% accuracy.”

In another news, a team of technicians from French software security agency ANSSI has discovered that a hacker can easily hack a mobile device from 16 feet of distance. So, your device is not safe at all. Maybe someone is not there to steal your phone physically, but some are too smart to steal data from your phone remotely.

Research

Researchers have also tested in two different ways called Black box test and White box test. In black box test, researchers have found that it is easy to breach a mobile device through the test. However, breaching an Android device was much easier than getting into an iPhone. According to Micah Sherr, a computer science professor at Georgetown. He says, iPhone’s Siri is much more conservative than the Google in activating voice recognition system.

The white-box attack was much more efficient compared to the black-box attack, says Sherr. According to him, “It was able to produce audio that was more often interpreted correctly by the computer and more often not interpreted correctly by humans. However, the trade-off here is that the white-box attack needs the attacker to understand precisely how the speech recognition system works”.

Defensive Measurement Against YouTube Voice Command Attack

However, there is a way to defend or reduce voice-command attack. Enabling the confirmation notification is the ideal way to shield your devices from this type of attacks. In that case, hackers will be able to send voice command on your device, but your phone will ask you for the confirmation to accept the voice command.

So, this is all about YouTube voice command attack. I hope now you know all about it and will be alert enough.

Always remember, hackers are smart, and they are always looking for a way to make you fool. Get your knowledge about the cyber security tips

So, be smart. Because remember that hackers are trying to steal the data from your device. Surely they will find out a way.