American university researchers uncovered a new cyberattack called Near-Ultrasound Inaudible Trojan (NUIT). It threatens devices with voice assistants, launching completely silent attacks. Fortunately, researchers exposed the vulnerability before threat actors could exploit it. The discovery is a warning to everyone to take the necessary precautions.
How Inaudible NUIT Attacks Work
While human ears can't detect near-ultrasound waves, smart speakers and voice assistants can. And they respond to it. That means NUIT can manipulate devices, and the attacks will go unnoticed. Threat actors can embed NUIT in websites that play YouTube videos or other media. They can fool targets into playing malicious audio that will launch the attack. They can even play it through Zoom calls.
There are two NUIT attack methods:
- NUIT-1 - A device is both the transmitter of the NUIT and the recipient. For example, a target plays a malicious audio file on their smartphone. The microphone in the smartphone will hear it and perform the inaudible command. It can send a text to someone or open the garage door.
- NUIT-2 - A device with a speaker transmits the NUIT to other devices with microphones. An example is when a victim plays malicious media on a smart TV, and the NUIT communicates with the smartphone's voice assistant.
Inaudible NUIT commands are only 0.77 seconds long. However, researchers explain that the speaker playing the NUIT has to reach a particular volume level for the attack to work. If successful, NUIT attacks can pose severe risks.
They can control IoTs connected to your smartphone. They can disable your home alarm or unlock your garage door without you knowing it. Because voice assistants can also open websites, NUIT attacks can drop malware on your device without your participation.
Precautions You Can Take Against NUIT Attacks
The researchers took 17 devices and checked their vulnerability to NUIT attacks. Unfortunately, all were controllable using any voice, even robot-generated ones. The only exception was Apple's Siri which only follows commands from the smartphone's owner. If your smartphone has a voice authentication feature, enable it as additional security against NUIT attacks.
Another way to deter NUIT is by using earphones instead of broadcasting audio on speakers. Researchers also encourage users to monitor microphone activity on their devices. Android and iOS smartphones both have on-screen indicators for that.
The Bottom Line
With NUIT's ability to download malware, it can become a real threat to organizations. Business owners should implement strict security measures to mitigate risks. Secure your network and devices by installing security software, enabling spam filters, and setting up a firewall. In addition, have policies in place to guide your employees. You must also back up your data to help speed up recovery in case of data loss.