The Near Ultrasound Invisible Trojan, or NUIT, was developed by a team of researchers at the University of Texas at San Antonio and the University of Colorado Colorado Springs as a technique to secretly transmit harmful commands to voice assistants on smartphones and smart speakers.
If you watch YouTube videos on your smart TV, then that TV must have a speaker, right? According to Guinevere Chen, associate professor and co-author of the NUIT article, “the sound of harmful commands from NUIT [será] inaudible, and it can attack your mobile phone and connect with your Google Assistant or Alexa devices.” “That can also happen on Zooms during meetings. During the meeting, if someone were to unmute, he could implant the attack signal that would allow him to hack into their phone, which was placed next to their computer.
The attack works by playing sounds close to, but not exactly, ultrasonic frequencies, so they can still be played by off-the-shelf hardware, using a speaker, either the one already built into the target device, or anything nearby. If the first malicious command is to silence device responses, subsequent actions, such as opening a door or disabling an alarm system, can be initiated without warning if the first command was to silence the device in the first place.
“This is not just a problem with software or malware. It is an attack against hardware that makes use of the Internet. According to Chen, the non-linearity of the microphone design is the flaw that the manufacturer must fix to eliminate the vulnerability. “Among the 17 smart devices we evaluated, [solo] Apple Siri devices require the user’s voice, while other voice assistant devices can be activated using any voice or the voice of a robot,” the study authors write.
The use of headphones is Chen’s recommendation for anyone concerned about the NUIT attack, even though a genuine defense against NUIT would involve the use of custom hardware. She indicates that the risk of being attacked by NUIT is reduced if you do not use the speaker to emit sound. “When using headphones, there is a limit to the amount of sound that can be sent to the microphone, since the volume of the sound coming out of the headphones is too low. In the event that the microphone is unable to pick up the subversive inaudible command, the NUIT will not be able to maliciously activate the underlying voice assistant.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He has also worked for security companies such as Kaspersky Lab. His daily work includes investigating new malware and cybersecurity incidents. He also has a deep level of knowledge in mobile security and mobile vulnerabilities.
Send news tips to [email protected] or www.instagram.com/iicsorg/
You can also find us on Telegram www.t.me/noticiasciberseguridad