Researchers have found out that it is possible for a computer malware to bypass security by using the voice synthesizer. This could ultimately lead to revealing secret information on a large scale, as voice control options are being used by more than a hundred million smartphones and PCs.
These features for voice control are designed for easy usage of smartphones and PCs for disable people. It could however provide a way for a hacker to breach security by bypassing the security protection and thus gaining access to confidential data being stored on these devices. The accessibility features allow for controlling the graphical interface without any need for typing. However, if these features are not designed with caution, they could be abused.
Research Paper& Demonstrations:
Georgia Tech researchers found out that it was easy for them to bypass security protocols with the help of voice controls. This work has been explained in a recent paper by the researchers and lists 12 ways in which Android, Windows, iOS and Ubuntu Linux phones could be attacked. These attacks will not require any physical contact with the device but can be easily carried out remotely. This paper will also be presented at CCS’14 conference next week in Scottsdale, Arizona.
A demonstrated explained how it is possible for a malware to use Windows Speech Recognition and then talk itself into running many commands which normally require quite a high privilege level.
Another of the demonstration explained how it is possible for a malware to attack any smartphone. This method uses the voice controlling assistant Google Now, which is pre-installed in smartphones with Android based systems. It can manipulate the security by using a voiceprint of a passcode which is entered normally by typing. Researchers have shown how the attacker could record an authentication phrase in a Motorolla phone and convert this text into speech with the help of an application, and thus start issuing commands impersonating the user.
Fundamental Issues with Voice Recognition Softwares:
Wenke Lee, the leading computer scientist at Georgia Tech, explains that these problems appear as a result of including speech recognition features into the phones at the last developmental stage.He says that these fundamental issues are harder to fix as these features have been added after implementing the OS and thus do not have same security checks as the rest of the OS.
It is an important issue to look over for main OS companies: Apple, Microsoft, Google& Linux as hackers can exploit these vulnerabilities for initiating attacks on remote devices. A phone that would start speaking itself will be hard to miss but hackers could collect data through a motion sensor app about usersthat are away from phone.