Security researchers disclosed a critical security flaw in Youtube Videos, by using this critical flaw hackers can take control of your smartphone using its built-in voice recognition software. By burying mangled voice commands within YouTube videos, a team of university professors in the US found that they could instruct a nearby device to carry out potentially harmful actions.
Now a days we can see many smartphones are providing Voice interfaces feature with their customised Android and IOS operating systems.It is allowing us an extra level of convenience in diary planning, hands-free messaging or just settling pub debates on pointless trivia. Yet while the likes of Siri, Cortana and Google Now have made our smartphones smarter, they have also unwittingly added a whole new level of vulnerability.
French infosec agency ANSSI in 2015 already highlighted this voice command feature, In it they demonstrated how Siri voice commands could be silently triggered from up to 16 feet distance by sending radio waves to an iPhone with a headset plugged into it.
Security researchers from Georgetown University and the University of California, Berkeley added a video for demonstration
were able to activate an Android smartphone using the “OK Google” trigger. The audio command had been mangled to make it less intelligible to human ears, yet could be understood easily by the software of the nearby phone. From there, the researchers were able to make the device open web pages and turn settings on and off.
According to the security researcher team from Georgetown University
What makes this vulnerability even more dangerous is the fact it requires very little technical know-how to carry out. “Hidden voice commands can be constructed even with very little knowledge about the speech recognition system,” the research paper explained. “We provide a general attack procedure for generating commands that are likely to work with any modern voice recognition system.”
The team’s findings are due to be presented in August at the USENIX Security Symposium in Austin, Texas.
Subscribe for latest security updates