Share this article
A New Ultrasonic Hack Can Exploit Your Siri
A new hack called a SurfingAttack uses ultrasonic guided waves to communicate with a device through the voice assistant.
Updated Sep 14, 2021, 8:26 a.m. Published Apr 7, 2020, 8:01 p.m.
Researchers are sounding the alarm about a new type of hack focused on smart digital assistants like the Amazon Alexa or Apple's Siri.
STORY CONTINUES BELOW
The hack, called a "SurfingAttack," uses ultrasonic guided waves that are imperceptible to the human ear to communicate with a device through the voice assistant. It could be used to target Ring services with door deadbolts attached or move the temperature dial on your thermostat.
Security researchers who developed the attack say it enables multiple rounds of interactions between a voice-controlled device and attackers over relatively long distances and without the need for the device to be within sight. It could even be conducted through a heavy surface, like a table.
“Humans cannot hear anything, but the voice assistants will interpret these ultrasonic sounds as a voice command, and conduct certain operations because of it,” said Qiben Yan, an assistant professor at Michigan State University’s Secure and Intelligent Things Lab, who was the lead investigator on the project. “Sending the commands to the voice assistance, we can basically control the voice assistant. There's a lot of opportunities for this when people put their phones down on a table and leave them unattended.”
Yan said hackers could launch conversations with a victim's contacts, and depending on how connected their devices are, potentially control home devices, lock or unlock a car or front door, or alter the thermometer. Such attacks could also impact two factor authentication, by reading the security code sent via text back to the hacker.
Using a $5 off-the-shelf PZT transducer, a type of electroacoustic transducer, the researchers were able to successfully compromise the following devices.
They believe that more devices could be vulnerable, including phones protected by silicone rubber phone cases.
There are steps people can take to prevent such attacks though. Disabling the voice assistance when your phone is locked, or making sure your phone is on a covering such as a tablecloth, can stop the ultrasonic ways from affecting it. Using phone cases of uncommon materials like wood can also help.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Stripe-Backed Blockchain Tempo Starts Testnet; Kalshi, Mastercard, UBS Added as Partners
Tempo, built by Stripe and Paradigm, has started testing payment-focused blockchain and has onboard a slew of institutional partners.
What to know:
- Stripe and Paradigm’s Tempo blockchain has launched its public testnet for real-world payment testing.
- Kalshi, Klarna, Mastercard and UBS are among a wave of new institutional partners now involved in the project.
- Tempo aims to offer low-cost, fast-settlement infrastructure for global payments as stablecoin adoption is accelerating globally.
Top Stories
