75% of US Households May Be at Risk of Voice Assistant Hacks by 2025

With nearly 3 in 4 United States households projected to have some form of voice-activated speaker by 2025, the risk of ultrasonic wave-based hacking is a real concern.


In yet another example of research that highlights the importance of using a custom integrator, data from Atlas VPN reports that 75% of households in the United States will have a voice-assisted speaker by 2025 that could be vulnerable to hacking.

According to the study, recent findings also show that voice assistants can get hacked by using ultrasonic waves to imitate voice commands. Ultrasonic waves do not make a sound, which means that voice-assisted speakers can be hacked without alerting the owner, according Atlas VPN, provider of a free VPN app.

Currently, voice-assisted speakers can be found in approximately 40% of homes in the U.S. It is estimated that the U.S. smart speaker market will almost double by 2025. In 2014, the devices were being used in 0.5% of U.S. households.

In February, a team of researchers hacked voice assistants on 15 of 17 popular smartphones. They tested both Apple (Siri) and Android (Google Assistant) devices.

The main findings, cited in the Atlas VPN press release, were:

Firstly, ultrasound can travel through solid surfaces to activate voice assistants. The waves are able to move through metal, wood, silicone rubber, and glass. In the experiment, the actual device transmitting ultrasonic waves was under the table, completely undetectable.

Secondly, it is possible to hear what the assistant answers and to continue the interaction. To do so, the first command sent to the device turns down the volume to a minimum. Then, the assistant’s responses get drowned in the noise of a busy street or a cafe.

Yet, sensitive microphones can intercept and amplify the response sound. Hence, hackers could carry out the attack while the phone owner is completely unaware. Using this approach, researchers were able to read messages, take photos, and make calls on the victim’s device.

This raises security concerns, as some banks use message authentication to access the account. Overall, findings lead to many new hacking opportunities, which is why it is imperative for integrators to be engaged with consumers to establish secure networks.

“The biggest issue with voice assistants,” says Rachel Welch, COO of Atlas VPN, “they are listening day and night. It is true that Siri or Google Assistant only answer when you mention their names. Yet, to detect when their names were mentioned, they have to listen continuously.”

Using a CE pro to protect the vulnerable home network from cyber attacks is a precaution that integrators should stress to clients. Also, there are voice control options, such as Josh.ai, that do not connect to the cloud and help maintain client privacy.

This article originally appeared on our sister publication Security Sales & Integration’s website.