With the fast changing world, hacker’s intentions are no longer old to hack your bank password or pin numbers. They have changed with time and the new hunt is for your data which can prove as a gold pot.
Most of us hold various personal photographs in our smartphones but if they are sensitive, it can make a hacker rich overnight and be used against you. However, it is believed that to access this data the hacker needs physical access to the phone. Not anymore. A simple malicious code sent to your smartphone can get him all he wants without your knowledge.
This time hackers have found the most used way to get access on your smartphone, by leveraging the YouTube to hack mobile devices. Those funny animal videos on YouTube might not be as innocent as they seem initially.
Voice recognition software in YouTube videos could leave your phone exposed. The attack only takes a few hidden voice commands. Distorted voice commands hidden in certain otherwise-innocent videos can carry out malicious operations.
A team from the University of California, Berkeley, and Georgetown University have developed the means to compromise a mobile device using hidden voice commands embedded within a YouTube video. The voice recognition software can make it easier to hack devices, even when spoken words are mangled to basically sound like they're coming from a demon. The hidden voice commands used by the attack are ‘unintelligible to human listeners but which are interpreted as commands by devices.’ For example, the voice could tell your phone to open a URL that exposes it to malware.
The attack works when you are watching the tainted video on your PC, laptop, TV, tablet or smartphone. This mangled voice is picked by your smartphone, if left open to listening to voice commands even when locked.
If the voice commands in the video are picked up by the target victim’s smartphone, the AI from Apple’s Siri or Google Now can clean out the unwanted sounds and execute the commands by the mingled voice. Once these commands are deciphered by the voice-based assistants, they are executed. Such an attack can command the AI on the smartphone and instruct it to download and install malware, which can eventually allow the hacker to gain control of the smartphone.
The researchers will present the threat at the USENIX Security Symposium in Austin, Texas next month, including the defences against the threat that they evaluated.
Meanwhile, it's been revealed that nearly 10 million Android phones have been infected with HummingBad malware, also known as Shedun, which generates fake clicks for adverts, among other things.
