Kaaliyeyaasha Codka ayaa kaa caawinaya hawlaha maalinlaha ah - ha ahaato inaad ballan la samaysato macmiil si aad u ciyaarto muusig iyo wax ka badan. Suuqa la xidhiidha caawiyayaasha codka waxaa ka buuxa fursado: Google , Siri , Alexa , iyo Bixby . Kaaliyayaashan waxa la damciyaa iyadoo la isticmaalayo amarrada codka oo wax la qabto. Tusaale ahaan, waxaad waydiisan kartaa Alexa inuu ciyaaro qaar ka mid ah heesaha aad dooratay. Qalabkan waa la afduubi karaa oo loo adeegsan karaa qofka iska leh aaladda. Maanta, waxaan baran doonaa wax ku saabsan Weerarada Surfing^{(Surfing Attacks)} iyadoo la isticmaalayo mowjadaha Ultrasound iyo dhibaatooyinka ka iman kara.

Waa maxay Weerar-Dhul-badeed?

Qalabka casriga ah waxaa lagu qalabeeyaa caawiyayaasha codka sida Google Home Assistant , Alexa oo ka socda Amazon , Siri oo ka socda Apple , iyo qaar ka mid ah caawiyayaasha codka ee aan caanka ahayn. Wax qeexitaan ah meelna kamaan helin internetka^(Internet) , markaa waxaan u qeexay sidan soo socota:

“Surfing attacks refer to hijacking of voice assistants using inaudible sounds such as Ultrasound waves, with an intention to access device owners’ data without the knowledge of owner”.

Waxaa laga yaabaa inaad horeba u ogaatay in dhegaha bini'aadamku ay wax ka ogaan karaan dhawaaqyada inta u dhaxaysa dhawr jeer oo isdaba joog ah (20 Hz ilaa 20KHz. Haddii qof u soo diro calaamado maqal ah oo ka dhacaya meel ka baxsan spectrum audio spectrum ee dhegaha bini'aadamka, qofku ma maqli karo iyaga, sidoo kale Ultrasounds . oo ka baxsan aragtida dhegaha dadka.

Niman xun ayaa bilaabay isticmaalka mawjadaha Ultrasound si ay u afduubtaan qalabka sida casriga ah iyo guryaha smart, ee isticmaala amarrada codka. Amarradan codka ah ee inta jeer ee hirarka Ultrasound ayaa ka baxsan aragtida aadanaha. Taasi waxay u ogolaataa haakarisku inay helaan macluumaadka ay rabaan (kaas oo lagu kaydiyo qalabka casriga ah ee codka ku shaqeeya), iyadoo la kaashanayo caawiyayaasha codka. Waxay u adeegsadaan dhawaaqyo aan la maqlin dhamaadkan.

Weerarada dabaasha, haakarisku uma baahna inay ku jiraan safka aragga aaladda casriga ah si ay u xakameeyaan iyagoo isticmaalaya caawiyayaasha codka. Tusaale ahaan, haddii iPhone la dhigo miiska, dadku waxay u maleynayaan in codku uu ku wareegi karo hawada sidaas darteed haddii amarka codku hawada soo galo, waxay ogaan karaan tuugada. Laakiin sidaas maaha sababtoo ah mowjadaha codku waxay u baahan yihiin kaliya kirishbooye si ay u faafiyaan.

Ogow^(Know) in farshaxanada adag ay iyaguna kaa caawin karaan faafinta codka ilaa inta ay gariirayaan. Miis ka samaysan alwaax ayaa wali mari kara mowjadaha codka alwaaxyada. Kuwani waa mowjadaha Ultrasound ee loo isticmaalo amarro si loogu sameeyo waxyaabo si sharci darro ah loogu sameeyo taleefannada casriga ah ee isticmaala bartilmaameedka ama aaladaha kale ee casriga ah ee isticmaala kaaliyeyaasha codka sida Google Home ama Alexa .

Akhri^(Read) : Waa maxay Weerarka lagu buufiyo Password^{(Password Spray Attack)} -ka ?

Sidee buu u shaqeeyaa weerarrada dabaasha?

Isticmaalka mowjadaha ultrasound ee aan la maqli karin kuwaas oo dhex mari kara dusha sare ee mashiinada lagu hayo. Tusaale ahaan, haddii taleefoonku uu saaran yahay miis alwaax ah, waxa kaliya ee ay u baahan yihiin waa inay ku dhejiyaan mashiinka miiska u diri kara mowjadaha ultrasound ee weerarka surfing.

Dhab ahaantii, qalabku waxa uu ku xidhan yahay miiska dhibbanaha ama dusha kasta oo isaga ama iyada ay isticmaalayaan si ay ugu nastaan ​​kaaliyaha codka. Qalabkani wuxuu marka hore hoos u dhigayaa mugga kaaliyeyaasha caqliga leh si dhibbanayaashu aysan waxba uga shakin. Amarku wuxuu ku yimaadaa aaladda ku dheggan miiska iyo jawaabta amarka sidoo kale waxaa soo aruuriya isla mashiinka ama shay kale oo laga yaabo inuu yaal meel fog.

Tusaale ahaan, amar ayaa la bixin karaa iyadoo leh, " Alexa , fadlan akhri SMS - ka aan hadda helay". Amarkan waa mid aan maqli karin dadka qolka ku jira. Alexa wuxuu ku akhriyaa SMS -ka ka kooban OTP (password hal mar) cod aad u hooseeya. Jawaabtan waxaa mar kale qabsaday aaladda afduubka waxaana loo diraa meel kasta oo ay tuugtu rabaan.

Weerarada noocaan oo kale ah waxaa loo yaqaan 'Surfing Attacks ' . Waxaan isku dayay inaan ka saaro dhammaan ereyada farsamada ee maqaalka si xitaa kuwa aan farsamada ahayn ay u fahmaan dhibaatadan. Akhriska sare, halkan waxaa ah xiriirinta warqad cilmi-baaris^{(a link to a research paper)} oo si fiican u sharraxaysa.

Hoos ka akhriso^{(Read next)} : Maxay yihiin Weerarada Dhulka^{(What are Living Off The Land attacks)} ?

Surfing Attacks: Hijack Siri, Alexa, Google, Bixby with Ultrasound Waves

Voice Assistants help you with daily chores – be it mаking an apрointment with a client to plaуing music and more. The market related to voice assistants is full of options: Google, Siri, Αlexa, and Bixby. These assistants are activated using voice commands and get things dоne. For example, yoυ can ask Alexa to play some ѕongs of your choice. These devices can bе hijacked and used against the owner of the device. Today, we will learn about Surfing Attacks using Ultrasound waves and the potential problems it poses.

What is a Surfing Attack?

Smart devices are equipped with voice assistants such as Google Home Assistant, Alexa from Amazon, Siri from Apple, and some not-so-popular voice assistants. I could not find any definition anywhere on the Internet, so I define it as follows:

“Surfing attacks refer to hijacking of voice assistants using inaudible sounds such as Ultrasound waves, with an intention to access device owners’ data without the knowledge of owner”.

You might already know that human ears can perceive sounds only between a range of frequencies (20 Hz to 20KHz. If anyone sends audio signals that fall outside the audio spectrum of human ears, the person cannot hear them. Same with Ultrasounds. The frequency is beyond the perception of human ears.

The bad guys started using Ultrasound waves to hijack devices such as smartphones and smart homes, that use voice commands. These voice commands at the frequency of Ultrasound waves are beyond human perception. That allows hackers to obtain the information they want (which is stored in the voice-activated smart devices), with the help of the sound assistants. They use inaudible sounds for this end.

For surfing attacks, hackers need not be in the line of sight of the smart device to control it using voice assistants. For example, if an iPhone is set on the table, people assume that voice can move around in the air so if voice command comes through the air, they can notice the hackers. But it is not so because voice waves need just a conductor to propagate.

Know that solid artifacts too can help voice propagate as long as they can vibrate. A table made up of wood can still pass voice waves through the wood. These are the Ultrasound waves being used as commands to get things done illegally on the target users’ smartphones or other smart devices that make use of voice assistants such as Google Home or Alexa.

Read: What is a Password Spray Attack?

How do Surfing Attacks work?

Using inaudible ultrasound waves that can travel through the surface where the machines are kept. For example, if the phone is on a wooden table, all they need to do is to attach a machine to the table that can send ultrasound waves for surfing attack.

Actually, a device is attached to the victim’s table or whatever surface he or she is using to rest the voice assistant on. This device first turns down the volume of smart assistants so that the victims don’t suspect anything. The command comes via the device attached to the table and the response to command too is collected by the same machine or something else that may be at a remote place.

For example, a command may be given saying, “Alexa, please read the SMS I just got”. This command is inaudible to people in the room. Alexa reads out the SMS containing OTP (one-time password) in an extremely low voice. This response is again captured by the hijacking device and sent to wherever the hackers want.

Such attacks are called Surfing Attacks. I have tried to remove all technical words from the article so that even a non-techie can understand this problem. For advanced reading, here is a link to a research paper that explains it better.

Read next: What are Living Off The Land attacks?

Related posts

• Siri, Kaaliyaha Google, & Cortana - Saddex Caawiye Dijital ah marka la barbardhigo

• Furayaasha ugu Wanaagsan ee Smart 2019 ee la shaqeeya Alexa iyo Google Home

• Shodan waa mashiinka raadinta aaladaha internetka ku xiran

• Internetka Waxyaabaha (IoT) - Su'aalaha Inta badan La Isweydiiyo (FAQ)

• Yaa iska leh Xogta IoT? Soo-saare, Isticmaalaha Dhammaadka, mise cid saddexaad?

• Khariidadaha Kiiboodhka Google Docs ee Windows 11/10 PC

• 10ka Mawduuc ee ugu Wanaagsan Google Chrome browser

• Qaababka qaan-sheegga ugu fiican ee Google Docs ee Freelancers, Ganacsiga Yaryar

• Waa maxay Internetka Waxyaabaha - Soo bandhigida SkyNet!

• Qeexida Jajabka Android, Dhibaatada, Arrinta, Shaxda

• Sida loola wadaago 'Koobi' ka samee xiriirinta faylashaada Google kuwa kale

• Sida loo beddelo Default Print Settings gudaha Google Chrome

• Sida loo abuuro oo loo tirtiro Profiles Google Chrome browserka

• Sida loo hagaajiyo Khaladaadka Soo Dejinta Faylka ee browserka Google Chrome

• Isticmaalka Google Earth ee browserka Chrome.

• Sida Documents loogu badalo PDF iyadoo Google Docs la isticmaalayo browser ah

• Sida loo dejiyo moduleka Raspberry Pi oo leh goobaha caadiga ah

• Anna Assistant waa kaaliyaha codka ugu fiican Google Chrome

• Google vs Bing - Helitaanka mashiinka raadinta saxda ah ee adiga

• Wax-soo-saarka ugu fiican ee Google Sheets si loo horumariyo wax soo saarka