What just happened? Voice assistants and smart devices have a known vulnerability against ultrasound-based attacks. Researchers have now developed two new ultrasonic exploits that could put millions of devices at risk. Unheard commands can be sent during teleconferencing or in-person.

Researchers from the University of Texas, San Antonio, and the University of Colorado have developed new ultrasound attacks dubbed NUIT, or Near-Ultrasound Inaudible Trojan, which can exploit vulnerabilities in microphone-equipped IoT devices and voice assistants such as Apple Siri, Google Assistant, and Microsoft Cortana. The attacks are inaudible to humans, yet they can effectively turn smart devices into potentially malicious appliances.

The researchers plan to unveil the new attacks publicly during the upcoming 32nd USENIX Security Symposium, August 9-11, in Anaheim, California. The research team provided a preview demonstration to The Register, showing two separate attacks--NUIT-1 and NUIT-2.

The first sends near-ultrasound signals to a smart speaker to compromise the microphone and voice assistant on the same device. The second exploits a victim's speaker to attack the microphone and voice assistant on a different device.

The NUIT attacks work by modulating voice commands into near-ultrasonic signals, which the human ear cannot detect, but voice assistants can. The instructions modulated in NUIT-1 are extremely fast, lasting under 77 milliseconds. That period is the average reaction time for the four voice assistants installed in the multiple devices tested by US researchers.

The researchers tested NUIT-1 as an "end-to-end silent" attack. Siri turned out to be fully vulnerable to NUIT-1. The researchers could control an iPhone's volume with a silent, sub-77 ms instruction ("speak six percent") to lower the smartphone's volume to 6%. A second silent instruction ("open the door") allowed them to use Siri to open the victim's front door via Apple's Home app.

The NUIT-2 attack sends embedded ultrasonic signals via a teleconference like a Zoom meeting. This vector allows hackers to exploit a nearby phone remotely. The NUIT-2 attacks don't have the 77ms time window, enabling researchers to try more complex commands.

The researchers tested both attacks against 17 different devices, including several iPhone models, a 2021 MacBook Pro, a 2017 MacBook Air, a Dell Inspiron 15 system, Samsung Galaxy phones and tablets, first-gen Amazon Echo Dot, Apple Watch 3, Google Pixel 3, Google Home, and more. They achieved different levels of success with both silent and audible responses from the compromised devices.

The iPhone 6 Plus was the only device that turned out to be invulnerable to both NUIT-1 and NUIT-2. The researchers explained this was because the 2014 device likely uses a low-gain amplifier while newer iPhones use high-gain. Another relevant issue discovered by the team is that NUIT-1 exploit only works if the distance between the device's speaker and microphone isn't too wide.

The researchers said that users should avoid purchasing devices designed with the speaker and mic close together to avoid becoming victims of NUIT-1 or NUIT-2 attacks. Using earphones effectively mitigates the exploits since the sound signals are too quiet to register on the microphone. Enabling voice authentication on personal assistant devices (where possible) will limit unauthorized usage. Furthermore, device manufacturers could end the entire category of ultrasound attacks by developing new tools to recognize (and reject) inaudible commands embedded in near-ultrasonic frequencies.