Gone are the days where a hacker would try steal your bank password or PIN numbers—your data is what a hacker is really looking for. Yes, he is mining for your data, which could be turn out to be gold for him. If you hold private photos on your smartphone, or sensitive documents, it could make a hacker rich overnight. While nude pics and selfies could bring him a substantial amount of money from porn websites, your sensitive documents could fetch him a good amount too. All this data could be used for making money or could also be used against you. However, to get his hands on your data, he needs to have physical access to your device. The other way is to get it through an online route via the internet. A simple malicious code sent to your smartphone can do the trick and help the hacker get all the information on your smartphone without your knowledge. However, though it is not as easy as it sounds, it is still highly possible if the hacker has the right tools and outsmarts you.
However, hackers seem to find new routes and methods of remotely getting their hands on your data. And this time, they have found a way with what people do most on their smartphones—stream videos. YouTube is one of the best sources of free videos around the world. Streaming videos was considered safe since it does not execute any codes in the background. However, that sturdy ground just became sinking sand—hackers are now targeting weak targets by using special videos on YouTube.
As we all know that you can now control your smartphone with voice commands, thanks to Google, Apple and Samsung’s AI voice assistants. A few years ago, researchers a French Agency ANSSI have managed to use radio waves to send hidden commands to smartphones running Google Now and Siri. However, the attack can be possible only if the phone has headphones plugged in.
But according to a report by a team of seven researchers from the University of California, Berkley and Georgetown University have devised a variation on this attack that uses mangled voice commands hidden in YouTube videos. The attack works when you are watching the tainted video on your PC, laptop, TV, tablet or smartphone. This mangled voice is picked by your smartphone (if left open to listening to voice commands even when locked). If the voice commands in the video are picked up by the target victim’s smartphone, the AI from Siri or Google can clean out the unwanted sounds and execute the commands by the mingled voice. Though this is a proof of concept of an attack, we are not sure if the same has been presently in use by hackers around the world.
The type of hidden commands that are embedded in the video can command the AI on the smartphone (Google now or Siri) and instruct it to download and install malware, which can eventually allow the hacker to gain control of the smartphone.