Faculty Mentor(s)
Bryson Payne, Ph.D.
Campus
Dahlonega
Proposal Type
Poster
Subject Area
Computer Science/GIS
Location
Nesbitt 3110
Start Date
23-3-2018 11:00 AM
End Date
23-3-2018 12:00 PM
Description/Abstract
The purchase of mobile smart devices and intelligent assistants, such as Siri, Google Home, and Alexa Echo, continues to increase due to their simplicity and practicality. For this study, we will look explicitly at Apple and Android mobile devices. Most individuals feel their information is safe on their device if it is password protected. However, many users are unaware of mobile devices’ privacy and security weaknesses. We hypothesize that inaudible attacks like high-frequency transmissions (dolphin attacks) and low-frequency commands (obfuscated attacks) can be utilized to exploit always-listening mobile devices in ways that humans cannot hear or understand. Without the person knowing their device is compromised, we can use a voice-enabled phone or other mobile device as an attack vector to scan for vulnerable laptops, desktops, or workstations on any wireless network that it may encounter. The scanning will identify the devices’ vulnerabilities that enable further hacking. Finally, the mobile device can be used to send malware to the victims, and damage or disable the systems.
Complying with ethical standards, we will use an experimental methodology and simulations with virtual machines in a controlled environment to test our hypothesis. We expect to find that the high-quality microphones in mobile devices will be susceptible to inaudible or unrecognizable voice commands attacks. These findings will be applied to investigate preventive measures and possible fixes to both dolphin and obfuscated attacks in order to protect consumers.
Keywords: Computer science, ethical hacking, intelligent assistants, mobile hacking, dolphin attacks, obfuscated attacks, malware, mobile device exploitation, vulnerability scan, prevent hacking.
43. Voice Hacking Extended: Using Inaudible Voice Commands to Exploit Mobile Devices
Nesbitt 3110
The purchase of mobile smart devices and intelligent assistants, such as Siri, Google Home, and Alexa Echo, continues to increase due to their simplicity and practicality. For this study, we will look explicitly at Apple and Android mobile devices. Most individuals feel their information is safe on their device if it is password protected. However, many users are unaware of mobile devices’ privacy and security weaknesses. We hypothesize that inaudible attacks like high-frequency transmissions (dolphin attacks) and low-frequency commands (obfuscated attacks) can be utilized to exploit always-listening mobile devices in ways that humans cannot hear or understand. Without the person knowing their device is compromised, we can use a voice-enabled phone or other mobile device as an attack vector to scan for vulnerable laptops, desktops, or workstations on any wireless network that it may encounter. The scanning will identify the devices’ vulnerabilities that enable further hacking. Finally, the mobile device can be used to send malware to the victims, and damage or disable the systems.
Complying with ethical standards, we will use an experimental methodology and simulations with virtual machines in a controlled environment to test our hypothesis. We expect to find that the high-quality microphones in mobile devices will be susceptible to inaudible or unrecognizable voice commands attacks. These findings will be applied to investigate preventive measures and possible fixes to both dolphin and obfuscated attacks in order to protect consumers.
Keywords: Computer science, ethical hacking, intelligent assistants, mobile hacking, dolphin attacks, obfuscated attacks, malware, mobile device exploitation, vulnerability scan, prevent hacking.