Hackers are continuously looking for new ways to steal your personal data and sell it on the black market. Thanks to a group of researchers from the University of California, Berkeley and Georgetown University have uncovered a new method of hijacking your phone simply by streaming videos with hidden voice commands.
Everybody knows YouTube and has watched videos on it. It’s generally been considered safe since watching one of their videos doesn’t execute any background code. Using this new technique, all a victim has to do is watch a video created by hackers that has hidden commands embedded in it. It can be done on any basically any nearby device, including laptops, TVs, computers, smartphones, or tablets.
This isn’t the first time there has been evidence that this type of attack was possible. In 2015, researchers with the French Agency ANSSI used radio waves to send commands to smartphones using Siri and Google Now. Unlike in this new example, in that case the smartphone had to have headphones plugged in for the attack to take place.
According to researchers, hackers can conceivably hide various types of commands including one to download malicious code which would allow them full access to a victim’s device. However, there are some steps users can take to protect against this sort of attack. In order to make it more difficult attacker it’s suggested that if you’re going to have voice commands active to also use a verbal challenge-response system or activating a notification whenever a voice command is received.