A dolphin attack refers to a kind of cyberattack where the attacker uses ultrasonic commands to take control of voice assistance software such as Siri or Alexa. The intention is to gain access to the user’s phone, and oftentimes undetectable to the user.
The hackers can hide commands within the ultrasonic sounds that the voice assistants can hear and respond to. However, this hasn’t been observed in real life, but in-lab demonstrations show that it is possible.
Dolphin attack origins
In 2016, China-based researchers were able to prove the possibility of using ultrasonic sounds to deliver commands to a mobile device all without the user ever noticing. The experiment involved hiding high-frequency commands in multiple sound clips which were then able to trigger a series of voice-controlled assistants on Android and Apple devices.
During the experiment, it was also noted that to prevent these kinds of attacks, mobile phones needed smart speakers with filters preventing sounds over 20 kilohertz.
How does a dolphin attack work?
- A hacker embeds hidden ultrasonic commands in online music or video clips. They can also broadcast the commands in public while close to a target.
- These commands can contain a variety of actions, including dialling a phone number, activating FaceTime, launching a specified website, taking a picture, or turning the device’s aeroplane mode on.
- By initiating these commands, the attackers could cause the users to harm in numerous ways.
Luckily enough, these commands don’t work on devices that have been trained to only respond to the user’s voice or devices that are simply locked.