Faculty Mentor(s)

Bryson Payne, Ph.D.

Campus

Dahlonega

Proposal Type

Poster

Subject Area

Computer Science/GIS

Location

Nesbitt 3110

Start Date

23-3-2018 11:00 AM

End Date

23-3-2018 12:00 PM

Description/Abstract

The purchase of mobile smart devices and intelligent assistants, such as Siri, Google Home, and Alexa Echo, continues to increase due to their simplicity and practicality. For this study, we will look explicitly at Apple and Android mobile devices. Most individuals feel their information is safe on their device if it is password protected. However, many users are unaware of mobile devices’ privacy and security weaknesses. We hypothesize that inaudible attacks like high-frequency transmissions (dolphin attacks) and low-frequency commands (obfuscated attacks) can be utilized to exploit always-listening mobile devices in ways that humans cannot hear or understand. Without the person knowing their device is compromised, we can use a voice-enabled phone or other mobile device as an attack vector to scan for vulnerable laptops, desktops, or workstations on any wireless network that it may encounter. The scanning will identify the devices’ vulnerabilities that enable further hacking. Finally, the mobile device can be used to send malware to the victims, and damage or disable the systems.

Complying with ethical standards, we will use an experimental methodology and simulations with virtual machines in a controlled environment to test our hypothesis. We expect to find that the high-quality microphones in mobile devices will be susceptible to inaudible or unrecognizable voice commands attacks. These findings will be applied to investigate preventive measures and possible fixes to both dolphin and obfuscated attacks in order to protect consumers.

Keywords: Computer science, ethical hacking, intelligent assistants, mobile hacking, dolphin attacks, obfuscated attacks, malware, mobile device exploitation, vulnerability scan, prevent hacking.

Share

COinS
 
Mar 23rd, 11:00 AM Mar 23rd, 12:00 PM

43. Voice Hacking Extended: Using Inaudible Voice Commands to Exploit Mobile Devices

Nesbitt 3110

The purchase of mobile smart devices and intelligent assistants, such as Siri, Google Home, and Alexa Echo, continues to increase due to their simplicity and practicality. For this study, we will look explicitly at Apple and Android mobile devices. Most individuals feel their information is safe on their device if it is password protected. However, many users are unaware of mobile devices’ privacy and security weaknesses. We hypothesize that inaudible attacks like high-frequency transmissions (dolphin attacks) and low-frequency commands (obfuscated attacks) can be utilized to exploit always-listening mobile devices in ways that humans cannot hear or understand. Without the person knowing their device is compromised, we can use a voice-enabled phone or other mobile device as an attack vector to scan for vulnerable laptops, desktops, or workstations on any wireless network that it may encounter. The scanning will identify the devices’ vulnerabilities that enable further hacking. Finally, the mobile device can be used to send malware to the victims, and damage or disable the systems.

Complying with ethical standards, we will use an experimental methodology and simulations with virtual machines in a controlled environment to test our hypothesis. We expect to find that the high-quality microphones in mobile devices will be susceptible to inaudible or unrecognizable voice commands attacks. These findings will be applied to investigate preventive measures and possible fixes to both dolphin and obfuscated attacks in order to protect consumers.

Keywords: Computer science, ethical hacking, intelligent assistants, mobile hacking, dolphin attacks, obfuscated attacks, malware, mobile device exploitation, vulnerability scan, prevent hacking.