back to article Your phone wakes up. Its assistant starts reading out your text messages. To everyone around. You panic. How? Ultrasonic waves

Voice commands encoded in ultrasonic waves can, best case scenario, silently activate a phone's digital assistant, and order it to do stuff like read out text messages and make phone calls, we're told. The technique, known as SurfingAttack, was presented at the Network and Distributed Systems Security Symposium in California …

  1. Sgt_Oddball

    I wonder if this...

    Also works with something like xbox? The fun to be had pranking someone midgame into having it close itself down..

  2. Anonymous Coward

    Stupid millennial pranks

    Sounds like a meh prank that's way too much work.

    What happened to the good old days when you just put a flaming bag of poop on their doorstep and rang the bell.

    1. Chris G

      Re: Stupid millennial pranks

      I'm assuming after ringing the doorbell that you ran away.

      Otherwise you get the benefits of the flaming bag of poop and a possibly irate occupant.

      Several decades ago, without the faecal flambeau, we called that game ' Knock down ginger', have no idea how that name came about.

      As for remote activation of my phone, I wouldn't touch a voice activated assistant with your's let alone mine, plus the mike app is disabled on my phone.

      1. Anonymous Coward
        Anonymous Coward

        Re: Stupid millennial pranks

        Might have been you took a ginger kid with you, knocked the door, and when you all ran away, you knocked down the ginger kid so he got caught?

        Bloody kids....

      2. Warm Braw

        Re: Stupid millennial pranks

        If you ask your handy local digital assistant, it might offer an explanation. Or not. I can never get them to understand me speaking normally, so I might just give this ultrasonic thing a go.

        1. Chris G

          Re: Stupid millennial pranks

          If you are going to speak to your digital assistant in ultrasound, you're gonna need really tight Y fronts.

          1. Aussie Doc

            Re: Stupid millennial pranks

            For some reason I read that as needing a Y font.

            Must be beer O' clock.

      3. Muscleguy

        Re: Stupid millennial pranks

        On my Android phone the Google App is denied permission to access the microphone. Saying 'OK Google' does absolutely nothing. So clone my voice away, it will do you no good.

        The idea of a piece of technology constantly listening to me creeps me out. My wife after she left me got an Alexa. I haven't been to her place in over a year.

        I don't have a TV for economic and political reasons (not this side of Scottish Independence anyway) so don't have that to worry about since it seems harder to buy one without all this 'smart' tech in it these days.

        I find I don't mss the TV any more, increasingly I would turn it off and do something else. Despite the full cable TV mix there was often nothing on worth watching of an evening. I tried Netflix on this laptop for the initial trial month and cut it short after getting bored. Stopped watching one SciFi thing after being asked to suspend disbelief one too many times. It was human pheromones which broke this came''s back. They have been thoroughly debunked. We are not moths. Visual stimuli have replaced our stunted sense of smell as all the Pron attests.

    2. WolfFan Silver badge

      Re: Stupid millennial pranks

      Be advised that this prank can be a Bad Idea if played on the wrong humorless git. Variants on this idea have got pranksters killed; one was shot dead when the prankee answered the door with a shotgun, and in another case the prankster and two of his friends were killed when the car they were attempting to escape in was run off the road by the very angry prankee. The guy with the shotgun got no punishment, thanks to the Castle Defense. The angry car driver is doing time for Murder One. Perhaps care should be taken during target selection.

      1. Anonymous Coward
        Anonymous Coward

        Re: Stupid millennial pranks

        I think we lived in very different neighbourhoods as kids. I hope you're alright now.

      2. David Nash Silver badge

        Re: Stupid millennial pranks

        The Castle Defense...defending against the terrifying attack known as "knocking on the door"?

        1. WolfFan Silver badge

          Re: Stupid millennial pranks

          Apparently this was at least the third flaming poo attack on the same house, and the target was ‘in fear for his life or property’, the flaming poo being, well, burning, and therefore was an arson attack. It worked... the car guy was also targeted multiple times, but didn’t have as good lawyers.

          1. Anonymous Coward
            Anonymous Coward

            Re: Stupid millennial pranks

            Is poo particularly flammable? It's not something I have ever or would ever consider to do, but I would have thought that it would be a bit too, umm, moist to set fire to very easily?

            1. Chris G

              Re: Stupid millennial pranks

              "Is poo particularly flammable? "

              Not that I have ever tried to light any but I can't imagine human poo is much of a fuel, I do know that the American Plains Indians used buffalo 'chips' for their cooking fires and many nomadic arabs used camel dung for similar purposes.

              1. Martin-73 Silver badge

                Re: Stupid millennial pranks

                I can confirm that newforest pony shite is flammable when dry, and very good for starting campfires (properly done of course, on gravel with nary a gorse bush around)

            2. Brangdon

              Re: Is poo particularly flammable?

              In "flaming bag of poo" it is the bag that is flaming, not the poo. The poo is concealed within the bag. The idea is that the victim doesn't know it is there, stamps on the bag to put the fire out, and thus gets poo on their shoe and possibly splatters themselves.

              1. Anonymous Coward
                Anonymous Coward

                Re: Is poo particularly flammable?

                Ah, I see now. Oh yuck, that really is very, very nasty!

    3. Anonymous Coward
      Anonymous Coward

      Re: Stupid millennial pranks

      Now a bit better due to multiple security levels so may not be as much an issue, but... you could possibly use this to hack peoples account with their phone. Swipe phone, get "2 factor password reset" code from the text being read by the assistant, take account credentials for a nice ride...

    4. Anonymous Coward
      Anonymous Coward

      Re: Stupid millennial pranks

      DNA profiling.

      They may not have you on the system now, but in the future they might and during your court case for that white collar crime you might commit (petty cash theft, fare dodging, unpaid parking fine), they may bring up the previously unsolved shit incident.

      Given how things tend to get blown out of proportion through the lens of the media and the courts.

      That theft of £10 from petty cash and the shit incident 20 years ago will be conflated into "a life of crime" and you'll be prosecuted like a hardened criminal at which point you'll be sentenced like a rapist / murderer.

      Before you know it, there will be a special crime unit set up for investigating these crimes...the Faeces Found Smoulder division (FFS) working in tandem with the Faecal Matter Forensics Laboratory (FMFL).

      Meanwhile in response to this "problem" a team of people from Oxbridge will set up a special research team and funnel through hundreds of people who will go on to get a PhD in shit based crimes and pranks.

      Dr Sanjit H. Itinabhag PhD (failed) of the University of Delhi will make regular appearances with Phil and Holly in the TV to discuss the epidemic.

      The Sun will then start running national headlines to make people afraid of the problem.

      Politicians will then debate it and pass law relating to the act in question.

      Albert's Law will be passed in his memory because there's nothing funny about watching your arsehole neighbour, who punctured your football on his lawn when you were 8, stomping out flaming turds and slipping on them.

      Don't shit in a bag and leave it someone's doorstep kids, you'll get 25 years later in life...if you're lucky...and waste millions in taxpayer money...the rest of us will have to watch it all pan out for decades on the TV and in the news...we'll end up with Maps on our doorstep pledging to "do something about it".

      Just don't do it. FFS.

      1. katrinab Silver badge

        Re: Stupid millennial pranks

        'we'll end up with Maps on our doorstep pledging to "do something about it"'

        Maps as in Minor Attracted Person(S) aka paedophile?

      2. Anonymous Coward
        Anonymous Coward

        Re: Stupid millennial pranks

        What if you use the poop of the dog owned by the neighbor, who repeatedly lets their dog poop in your yard and doesn't clean it up? DNA test reveals... it's his own fault?

        1. SImon Hobson Bronze badge

          Re: Stupid millennial pranks

          You mean, he's getting his own back. OK, I'll get my coat.

    5. Anonymous Coward
      Anonymous Coward

      Re: Stupid millennial pranks

      Ok, boomer.

    6. The Man Who Fell To Earth Silver badge

      Re: Stupid millennial pranks

      Nowadays, the doorbell videos you. And kids today aren't smart enough to wear masks that cover their face & hair, wear non-distinctive clothes, and run in a misleading direction.

      1. eldakka

        Re: Stupid millennial pranks

        And kids today aren't smart enough to wear masks that cover their face & hair
        But if they cover their face, how are they going to unlock their phone to record the prank so they can post it on Facbeook, Youtube and all the other social media outlets they use? And they need to have their face seen in the video of the prank to prove that they did it.

    7. Anon

      Re: Stupid millennial pranks

      We had a neighbour who had mental health problems from an early age, not aided by the extreme painkillers she needed for spine problems later in life, and having a house-bound dependent to look after in her one-bedroom flat. The local kids thought it was hilarious to knock on her door and run away.

      The police came asking after her one day as she had disappeared. I have heard nothing of her since.

      The kids I caught had that rabbit-in-the-headlights look. Yeah, knock-down ginger is a real laugh.

  3. doublelayer Silver badge

    Mitigation options

    "The best way to defend yourself from these attacks is to turn off voice commands, or only allow assistants to work when a handheld is unlocked."

    Another good way that still allows use of voice commands is to disable the vocal trigger to start the assistant. The user can still use commands, but only by pressing a button on the phone to do so. If they have a complex unlocking system and allow a few commands to run without unlocking, this allows them to do that as well. It does prevent using the device when the device isn't near you, but when comparing it to disabling the feature entirely, it will have less effect on a user who uses the commands.

    As attacks go, it's interesting but not the most frightening. It requires a lot of attacker investment and physical proximity. If they do it and I am there, I will likely hear my phone as it reads my new messages aloud and so I'll interrupt it and possibly look for a cause. If they're banking on my not being there so I don't notice the information being read out, they could have someone run in and grab my phone, which would be faster and require less investment on their part.

    1. Stuart Castle Silver badge

      Re: Mitigation options

      Interesting idea. However, they probably wouldn’t get much of interest from my phone. For one thing, I’ve disabled vocal activation. For another, I don’t allow Siri to unlock my phone. I also rarely leave my phone anywhere, unless I am asleep. Even then it’s on the bedside cabinet, so I might hear it.

      Even assuming they got into my phone, all they would likely discover is that we need some milk and bread when I pass the supermarket. Ok, they might get into my work email, but due to an over zealous 2fa system, seemingly three out of four times the client is activated, I need to enter a code from a text. And the Authenticator doesn’t work with Siri.

  4. Conundrum1885

    Could explain why

    Every now and then SO's phone goes berserk.

    Could some app be responding to ultrasonic commands hidden in TV broadcasts?

    It might be by accident as there don't seem to be any coherent effect other than

    randomly launching the browser.

    1. Dan 55 Silver badge

      Re: Could explain why

      Disable the assistant, see if it still happens or not. I would be more inclined to blame some app with advertising malware on the phone.

      1. Anonymous Coward
        Anonymous Coward

        Re: Could explain why

        Or a faulty touch screen/cpu/ram/memory.

        1. Timmy B

          Re: Could explain why


          David Ike...

          The Elder Gods?

        2. Conundrum1885

          Re: Could explain why

          This happened before. The touch screen and OLED was replaced but the fingerprint sensor hasn't worked since. I think it might be faulty.

    2. Anonymous Coward
      Anonymous Coward

      Re: Could explain why

      New viral marketing technique? TV broadcast containing ultrasonic command to open browser to advertised site? For that matter, add an advertiser ID into the link to get paid for tricking people's phones to visit...

      1. Anonymous Coward
        Anonymous Coward

        Re: Could explain why

        Um. That's already an actual feature. Why do you think totally unrelated/required apps ask for "microphone access" even though they are not recording/phonecall apps? It's so the makers also know if your watching their adds/sponsor spots (and yes, patents/marketing options exist for the ultrasound/sterionagraph sounds).

        Thus the "cola collect 3 game" (made up example) that does not need a mic to play, asks for mic access, and knows when you watch/how many adds you watch on tv.

  5. W.S.Gosset

    “We did it on metal. We did it on glass. We did it on wood,”

    Sounds like a good dirty weekend.

    1. MiguelC Silver badge

      Re: “We did it on metal. We did it on glass. We did it on wood,”

      unfortunately it didn't work on the fluffy rug in front of the fireplace

    2. LeahroyNake

      Re: “We did it on metal. We did it on glass. We did it on wood,”

      You beat me to it!

      For some reason it reminded me of the Sarah Silverman fuc#ing Matt Damon song aimed at Jimmy Kimmel. If you haven't seen it it's well worth a look lol

    3. Rob Telford

      Re: “We did it on metal. We did it on glass. We did it on wood,”

      No one will be watching us

      Why don't we do it in the road?

  6. Anonymous Coward
    Anonymous Coward

    Victims must have given Google Assistant or Siri permission to control their phones.


    1. Loyal Commenter Silver badge

      Re: Victims must have given Google Assistant or Siri permission to control their phones.

      There's your problem right there...

      Gimmicks aren't secure. Whodathunkit?

  7. big_D Silver badge


    Wasn't there a similar attack demonstrated when assistants first came out? It didn't use ultrasonics, but it did use steganography to hide commands in background noise that the human ear couldn't pick up, but the phones could.

  8. TimMaher Silver badge

    What’s in a name?

    “SurfingAttack”? They could have called it PhoneWhisperer or something.

    And using Lyrebird to get the simulation going. I mean, that should always have been called Liarbird.

    Kiddies today. No sense of satire.

    1. TRT Silver badge

      Re: What’s in a name?

      Well it's a combination of SurfingAttack and Lyrebird, so it should really be called SurfingBird.

      A bird bird bird... bird is the word. I said a bird bird bird...

      Where's the ear worm warning icon?

  9. Anonymous Coward
    Anonymous Coward

    When Alexis Sanchez used to play for Man Utd, my Amazon Echo kept trying to perform the action "And it's gone out for a throw."

    It's been unplugged since.

  10. Matt_payne666

    tricking assistants isnt particularly new... wasnt there a TV ad a few years back that kept waking up XBoxes, or something...

    with the effort needed to successfully pull off this attack, Proximity, knowing which assistant is enabled(or not) voice matching (even with AI assistance) the end result - unless spooking someone for the lol's, is a pretty meh amount of access to a device - a possible phonecall to a premium rate number? but that would probably be worth less than the time invested... maybe you could get it to open a door - but then you would need to know your target had an enabled lock and then, a brick and window would be easier...

    I know - proof of concept and all that, but I use google quite a bit and the information I can get out of it - knowing how and where said data is - is pretty inconsequential!

  11. s. pam Silver badge

    Big Caveat

    One must have Siri (etc.) enabled.

    I and none of my family do.

  12. Mage Silver badge
    Big Brother

    Aliasing ADC acts as a down conversion mixer?

    I presume this works due to a lack of a low pass filter between the microphone and the ADC and the fact ANY unfiltered ADC will alias signals above the sample rate, acting like a mixer. So it also relies on knowing the default sample rate for the model.

    A remotely connected piece of custom HW can be fitted in a light socket, plug socket, behind a clock, smoke alarm, built into table etc. Connected to UWB spread spectrum, GSM, 3G, 4G, fibre or WiFi.

  13. JDX Gold badge


    I saw a video demonstrating you can trigger voice commands in a similar way by encoding audio commands in LASER (I think it was LASER, light of some sort). They didn't seem very sure exactly why or how it worked but it seemed to.

    1. ma1010

      Re: LASERs

      Those damned sharks are up to it again, I see.

    2. Martin-73 Silver badge
      Black Helicopters

      Re: LASERs

      It was Destin on smarter every day... in this video I think?

      Not sure why you got a downvote, maybe an app developer is watching

      1. JDX Gold badge

        Re: LASERs

        Yeah that's the one. IIRC it was responding to a proper academic paper?

        1. Martin-73 Silver badge

          Re: LASERs

          I believe so

  14. Drew Scriver
    Thumb Up

    Very useful feature to convince people their device may be listening

    Ever tried to convince someone that you don't want to have a private conversation until they turn off their device? Usually people just get offended and tell you off.

    Enter this hack.

    Just activate their device and voila; they're instant converts to the security implications of 'smart' devices.

    They may still counter that "they've got nothing to hide" and all that, but at least they will have to admit you had a point.

  15. User McUser

    Begs the question...

    Why are the microphones in these devices even capable of picking up ultrasonic frequencies?

    Even if that's just how a good quality microphone works these days, one would think that in a device intended for human vocal communication that any sounds above 20kHz would be considered useless noise and be removed via a low-pass filter.

    1. Anonymous Coward
      Anonymous Coward

      Re: Begs the question...

      User McUser,

      "... any sounds above 20kHz would be considered useless noise and be removed via a low-pass filter."

      But a low-pass filter costs 5c/2p which adds up when you are producing millions of phones and the 'Poor' companies cannot afford to spend this extra cash !!!

      :) [Tongue firmly in cheek]

    2. eldakka
      Black Helicopters

      Re: Begs the question...

      Maybe it's "working as intended"?

      There have been cases of apps being able to listen for specific signals from broadcast TV, mostly used for marketing/advertising/profiling purposes. So perhaps this is an intended capability of the device for use in those types of situations?

    3. Anonymous Coward
      Anonymous Coward

      Re: Begs the question...

      I think that's how those "play along at home" TV programme companion apps work - by picking up on inaudible sounds from the TV.

  16. Anonymous Coward
    Anonymous Coward

    Oh this could be fun.

    "OK Google"

    "Text Wife I'm bringing home Sally, we can have that threesome tonight."

    Innocently ask the next day how their evening went.

    Alternately it is plausible deniability.

    "Why boss that text I sent saying you are full of it. Why some evil person must have hacked my cell phone with that ultrasound thing."

  17. TeeCee Gold badge


    Just out of interest, what's the ultrasonic for; "Siri, order an Uber from here to Basingstoke now."?

    Just idle curiosity, no ulterior motive at all.

  18. Aussie Doc


    Huawei’s phone was okay, then?

    Fancy that.

  19. Blackjack Silver badge


    Getting a phone with a removable battery doesn't sound so paranoid now, right?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like