Hackers Can Silently Control Siri, Alexa & Other Voice Assistants Using Ultrasound


What if your smartphone starts making calls, sending text messages, and browsing malicious websites on the Internet itself without even asking you?This is no imaginations, as hackers can make this possible using your smartphone’s personal assistant like Siri or Google Now.A team of security researchers from China’s Zhejiang University have discovered a clever way of activating your voice recognition systems without speaking a word by exploiting a security vulnerability that is apparently common across all major voice assistants.DolphinAttack (Demo): How It WorksDubbed DolphinAttack, the attack technique works by feeding the AI assistants commands in ultrasonic frequencies, which are too high for humans to hear but are perfectly audible to the microphones on your smart devices.With this technique, cyber criminals can “silently” whisper commands into your smartphones to hijack Siri and Alexa, and could force them to open malicious websites and even your door if you have a smart lock connected.The attack works on every major voice recognition platforms, affecting every mobile platform including iOS and Android. So, whether you own an iPhone, a Nexus, or a Samsung, your device is at risk. The attack takes advantage of the fact that human ears generally can’t hear sounds above 20kHz. But the microphone software still detects signals above 20 kHz frequency.So, to demonstrate the DolphinAttack, the team first translated human voice commands into ultrasonic frequencies (over 20 kHz), then simply played them back from a regular smartphone equipped with an amplifier, ultrasonic transducer and battery—which costs less than $3.”DolphinAttack voice commands, though totally inaudible and therefore imperceptible to [a] human, can be received by the audio hardware of devices, and correctly understood by speech recognition systems,” the researchers explain in their research paper [PDF].DolphinAttack Makes Hacking Siri, Alexa & Google Now EasySince smartphone allows users to do a broad range of operation via voice commands like dialling a phone number, sending short messages, opening a web page, and setting the phone to the airplane mode, the researchers were able to order an iPhone to dial a specific number.However, according to the researchers, an attacker can send inaudible voice commands to instruct a device to perform several malicious tasks including:Visiting a malicious website—which can launch a drive-by-download attack or exploit the victim’s device with 0-day vulnerabilities.Spying—the attacker can instruct the victim’s device to initiate outgoing video or phone calls, thereby getting access to the image and sound of device surroundings.Injecting fake information—the attacker can instruct the victim’s device to send fake text messages or emails to publish fake online posts or add fake events to a calendar.Denial of Service—the attacker can inject commands to turn on the ‘airplane mode,’ thereby disconnecting all wireless communications and taking the device offline.Concealing attacks—since the screen display and voice feedback could expose the attacks, the attacker can decrease the odds by dimming the screen and lowering the volume to hide the attack.Typically, the signal sent out by the researchers was between 25 and 39kHz. As for range, the team managed to make the attack work maximum at 175cm, which is certainly practical. What’s scary? DolphinAttack works on just about anything including Siri, Google Assistant, Samsung S Voice, Huawei HiVoice, Cortana, and Alexa, on devices such as smartphones, iPads, MacBooks, Amazon Echo and even an Audi Q3—total 16 devices and 7 systems.What’s even worse? The inaudible voice commands can be accurately “interpreted by the SR [speech recognition] systems on all the tested hardware” and work even if the attacker has no direct access to your device and you have taken all the necessary security precautions.How to prevent DolphinAttacks?The team goes on to suggest device manufacturers make some hardware alterations to address this vulnerability simply by programming their devices to ignore commands at 20 kHz or any other voice command at inaudible frequencies.”A microphone shall be enhanced and designed to suppress any acoustic signals whose frequencies are in the ultrasound range. For instance, the microphone of iPhone 6 Plus can resist to inaudible voice commands well,” the researchers say.For end users, a quick solution to prevent such attacks is turning off voice assistant apps by going into settings, before an official patch lands for your device.How to disable Siri on iPhone, iPad, or iPod touch: Go to your iOS device’s Settings → General → Accessibility → Home Button → Siri and then toggle Allow “Hey Siri” to off.How to turn off Cortana: Open Cortana on your Windows PC, select the Notebook icon on the right side, click on Settings and then toggle “Hey Cortana” to off.How to turn off Alexa on Amazon Echo: Simply press the microphone on/off button on the top of the unit. When

Source: Hackers Can Silently Control Siri, Alexa & Other Voice Assistants Using Ultrasound

Advertisements

How to Design for Mobile Layouts


Recently, during a Web Site development project, I came across the need to design responsive layout. The most simplest way one can achieve is to add Mobile responsive meta tags. Details could be read here.

http://www.campaignmonitor.com/guides/mobile/responsive/
http://webdesign.tutsplus.com/tutorials/htmlcss-tutorials/quick-tip-dont-forget-the-viewport-meta-tag/

and last but not the least.
http://stackoverflow.com/questions/13871836/html-meta-tags-for-mobile-devices

If reading is not your forte, add the following META tags in the all your HTML templates, or include them using Server Include / Require


<!-- Mobile specific Metas-->
<meta name="viewport" content="width=device-width, maximum-scale=1, initial-scale=1.0, width=device-width" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
<meta name="HandheldFriendly" content="true">
<meta name="MobileOptimized" content="width">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="MobileOptimized" content="320">
<meta name="format-detection" content="telephone=no">
<meta http-equiv="cleartype" content="on">
<!-- Mobile specific Metas-->

<!-- Given the option, one could also include the same properties via CSS.-->

<style>

/* Class for Mobile View handling */
@-ms-viewport{
width: extend-to-zoom;
zoom: 1.0;
}
@viewport{
width: extend-to-zoom;
zoom: 1.0;
}
/* Class for Mobile View handling */

</style>

Emergency / Distress Numbers


With the terbulent times of Karachi we are faced with, it is always nice to have some distress numbers handy with you in case an emergency occurs. Imagine,

  • if you or your loved one is met with an accident, or
  • faced with a abduction, or
  • there is Fire Emergency,

you can at least call some numbers on a moments notice and notify the right authorities.

Nowadays everyone is having a smart phone with them, and it truly makes sense, if those numbers are in your Cell phone, in case you need them.

If you are like normal user, all the numbers mentioned below could be saved separately and when need occurs, one could search and dial those numbers. But won’t it be nice, if all these numbers are displayed under one name, be that “Distress numbers” or “Emergency Numbers” and all one has to do is search “Distress Number” or “Emergency Number” and then choose which place / purpose to dial. Be that a Hospital, Fire Brigade, Police, etcetera. See below for an example.

Just an Example when Distress Numbers are displayed on your Mobile. How easy it would be dial them.

Example of Distress Numbers are displayed on one’s Smart Phone as a single contact

If you want to have those numbers in an arranged way, then do follow these procedures.

Download the VCF (V Card File) based on your phone type, or download all of them in Zip format.

The basic most painless way is to download the Gmail Format, (first one), download it, import it in your ( Synced Gmail, that Gmail account which is synced with your phone ) account from your PC. Once imported in Gmail, that contact will appear in your phone, when it goes online and synchs from Gmail.  Gmail support bi-directional sync.  Link to Importing VCF file in Gmail

Alternatively, if you prefer another route, you could download them and then import them using the procedure mentioned below according to your phone types.

In case you do not have a smart phone, we have listed the numbers for your convenience. You can either input them manually or Google it. on how to import the VCF files listed above.

  • AMAN AMB: 1021
  • CHHIPA AMB: 1020
  • EDHI AMB: 115
  • Rescue CDGK: 1122
  • Police: 15
  • KESC: 118
  • SSGC: 1199
  • Fire Bridage: 16
  • Karachi Water and Swerage: 1339
  • Railways: 117
  • PIA: 114
  • CM House: 919
  • Civil Hospital: 02199215742
  • Jinnah Hospital: 02199223307
  • Abbasi Hospital: 02133260400
  • Liaqat Hospital: 111456456
  • PTCL Inquiry: 1217
  • PTCL Complain: 1218
  • Bomb Disposal Squad: 02199212680
  • CPLC: 02135682222
  • City Warden: 02199244561
  • Rangers: 1101

In other words, in the moment of distress, all you need is

  1. to open your phone
  2. search with the contact named “Emergency” / “Distress” or which ever name you have kept.
    If you have marked that contact as your Favourite, then it is more simpler.
  3. Dial the desired contact by tapping on the desired number.

3 steps is all it takes. Quite handy ain’t it.

If all the import export procedures fail, do not panic. The idea is to have these numbers in your cell phone. One can also keep them individually, and by keeping the starting string set as “Distress / Emergency”, so that all the numbers are still visible when searching with “distress / emergency” string.

The basic idea is to have these distress numbers at a moments notice and to use them when needed. Keep them updated, keep them synched with Gmail.

PS: The numbers are current at the time of writing this post. I will try my best to update these number and in VCF file, if you join hands with me to list the distress services in the comments section.

In case you are having any problems, feel free to drop any comments for further feedback.

Should I buy an IPhone, Andriod Phone, or a Black berry. (What Phone are you)


This is one the debates which is very similar to which car is best. Should I buy this car or that car? or in other words, which type of girl should I marry. Should I be marrying a working women, or the one sitting at home? (I wish answering this question was as easy as buying phone).

Anyway, back to buying phone.  Since the time, I bought an HTC Desire, many people were asking me as to which phone should they be buying. So I decided to write a blog post about what are the crucial factors one should consider on buying which phone.

Do apply the same technique on buying things which have multitude of brands / products, but not when marrying people, that is completely different arena we are talking about.

First off,

DECIDE ON YOUR REQUIREMENTS

Yes, you need to be absolutely clear about the requirements. What you need to do. Examples.

  • I need a Camera with me all the time, so that I do not loose any moment to shoot an awesome image.
  • Can’t compromise on Quality, you should be targetting anything not less than 5 – 8 Mega pixels.
  • I need a phone, which will act as an Email client (probably Outlook functionality) on the go
  • if emailing is of your highest importance, then you are better off with a BlackBerry. More on Black berries later. Not the ones you EAT.
  • I need a phone, which could run games like (Angry birds, Need for Speed, Sniper Attack)
  • I need a phone, which could make calls, video calls, use Skype
  • so and so forth

Also, do keep in mind, that what is your idea of SMART Phone. Are you the person who

  • likes to tinker a lot with your phone
  • or the one who would be looking at your phone to do all the stuff. No need to add / edit / delete stuff

As of time of this blog post being written, there are different platforms which you should consider when buying phone. Each platform has it’s own pros and cons. Here is the quick run down

Nokia Smart Phones

  • Nearly all Nokia smart phone have now access to NOKIA OVI Suite.
  • Nearly all Nokia smart phones will sync with your Outlook on your PC.
  • All all Nokia phones will import export your contacts to and fro in your mobile phones and PC
  • OVI suite app is a bit limited in Applications, but it does hold quite a lot of applications for a limited business users
  • Nokia phones are good in terms of re-selling a phone

Android SMART Phones, they being sold like hot cakes in market these days. The starking differences are as under

  • Whenever an android phone is purchased, it has to be linked with a GMAIL / Google account.
  • with that account, the phone will sync all the Emails / Contacts / SMS all the time, not just at the start of usage. All the time. So even if your latest brand new phone is lost, you do not have to worry a dime about loosing your contacts. All you need to do is to buy another android phone preferably a better one, sync it with same Google account, and within minutes, you will having all your previous contact
  • An extensive App Market, where you could download OTA (Over the air) applications ranging from multitude of suites (Productivity, Games)
  • Gone are the days, when you were keeping installers (on your PC) for Applications to install on your phone.  Google provides online (OTA) installers. Meaning, you are logged in (using the same account which is linked to your phone) from your PC to Google App Market. You browse to the application, select install in the PC Browser. Magically, after a short while, your phone will start downloading the app you selected. Your phone will off course, needs to be connected to either the WIFI, or GPRS connection
  • Importing and exporting Contacts is also very easy in Android. Even if you are coming from Nokia phone to Android phone, your exporting and importing contact process will be very easy and harmless.
  • You can use Custom ROMS to be installed on your Andriod phones, which will at times, change your Andriod Versions, meaning you can upgrade / downgrade to different android Versions plus you can change the entire look of your phone. For trying out Custom ROMS, you need to ROOT your Android Phone.
  • Andriod phones are becoming good in terms of re-selling points, since they are being marketed more and people are becoming aware of them.

Apple IPhones, in Pakistan, to have an Iphone, is like you need

  • Unlock it to be able to use local cellular network. Once unlocked, you need to Jail Break it. Without Jail Breaking an Iphone, you can’t use the phone freely. The process of Jail Breaking is quite similar and easy for a Techie Person, but a bit daunting for a non – techie. So if you are buying an Iphone, make sure its Jail Broken or have a Geek friend ready to Jail Break it. One can use the iPhone without jail breaking it, but then the free apps will be quite limited. Once jail broken, you will have plethora of apps
  • Once the Iphone is jail broken, you have the most awesome phone in your Hand. You will be happy with its utmost performance, but there is no warranty of this phone unlike other brands. However, with the iPhone in your hand, You can use it to
  • Place phone calls
  • send SMS
  • use Facebook
  • use Twitter
  • use Google Plus
  • use it’s very own fast browser (Safari)
  • use emails
  • Play games
  • Download Apps from it’s App Store
  • But on Iphone, your data is pretty much locked. You will be sharing data on your own IPHONE Web Space.
  • With an Iphone, there is very less re-sale value. You would be buying an Iphone by 50K PKR, but when you will be selling the same phone, the price may come down to 35 – 40 K. So be very cautious about owning an Iphone if you worry about re-sale value.

Black Berries

Black berry are most popular for their push Emails and Instant Messaging. Their one of the best selling points is their corporate usage. So if you are user whose primary functions is to use phone for the basic purpose (other than Calling / SMS / Alarms) is to have constant touch on your Emails and you need to respond to your mails ASAP, you will be better off with a Black Berry. Black berries do offer what other mobile phones offer but their starling differences are in corporate Emails / Instant messages.

CONCLUSION

Whether you have decided to buy an Iphone or Nokia or an Android Phone, you need to keep the following things in mind

  • For using an I phone in Pakistan, you need to unlock it (must) and then JAIL BREAK it.
  • For using an Android Phone in Pakistan, it is NOT Necessary to ROOT it. (Rooting and Jail Breaking the phone is the same thing). Your Andriod phone will continue to work even though you do not root it, however, once you have rooted the android phone, your phone will have
  • Increased Performance
  • More features will be enabled
  • Adverts will be removed
  • Many optimum Applications will be enabled
  • Moreover, you will have more control on your phone
  • Nearly all phone will offer the following
  • Capacitive / Resistive Touch Screens
  • Ability to make phone calls (DUH)
  • Ability to SMS (Oh DUH)
  • Alarms, Stop Watch
  • Emails (Be it connecting your office mails, or your GMAIL / YAHOO / Hotmail)
  • Web Browsing
  • WIFI / GPRS /
  • Connecting to your PC and Transferring your Images / Videos / Mp3s to and from your Mobile / PC
  • Sharing your PIC / VIDEOS over the web to your Facebook / Twitter accounts, without transferring them to your phone

Nearly all Websites these days provide the functionality to Compare and Contrast the (Two / three) phones of your choice in terms of Camera Mega pixels, Operating Systems, available Features, Pricing. Some of those sources are listed below. Alternatively you can check the some vendors websites too.

Have a nice time hunting for the phone.

  • http://www.whatmobile.com.pk/
  • Tring Tring  (A site for checking out OLD Cell Phones and selling your own phones). Quite nice site, if you are interested to buy second hand phones.

Vendor Links

Android :: Desk Clock


image
When you search for Android tips and tricks, you get many links stating tips and tricks to perform in your andriod phone. One trick I learned this week end, was never mentioned anywhere. At least I could not read it out on the web, so I decided to share it. Here it goes.

There is an App named DESK CLOCK in HTC and ClOCK in Andriod 2,3 (Ginger bread). That app can be used to act your mobile as a Bed time clock.

I am the user, who keeps the cell phone by keeping  a pattern. Whenever I switch on the phone, whenever  a message arrives, an email arrives, I need to unlock the phone by the drawing the pattern and then the phone will be unlocked. So at times, when I am sleeping, when I need to see time, I really need to concentrate and draw the pattern to see the time. Although at the time, of pattern entering the phone does display the time, but that time is stuck in a small corner.

Enter DESK CLOCK. Once you switch on this app, the first thing, you see is current date, along with DAY name, and time fully emersed in your screen and in big fonts.

So to use your desk clock, do the following

  1. Run the Desk Clock on HTC or Clock on your android cell phone.
  2. Lock the phone and go to sleep.
  3. Now when at the middle of night, when you need to see the time, all you need to do is press the power button, and current date along wit day, and time will be displayed on your phone’s display in big fonts, without any unlock prompt, that you may have set, be that, pattern, numeric lock and password.
  4. if you will interact with the clock, then off course, your phone will ask you for the pattern, numeric lock or password.
PS: You may choose the switch to night mode / day mode depending on which time frame of the day, you are looking at the cell phone.