How Inaudible NUIT Attacks Work
While human ears can't detect near-ultrasound waves, smart speakers and voice assistants can. And they respond to it. That means NUIT can manipulate devices, and the attacks will go unnoticed. Threat actors can embed NUIT in websites that play YouTube videos or other media. They can fool targets into playing malicious audio that will launch the attack. They can even play it through Zoom calls.
There are two NUIT attack methods:
Inaudible NUIT commands are only 0.77 seconds long. However, researchers explain that the speaker playing the NUIT has to reach a particular volume level for the attack to work. If successful, NUIT attacks can pose severe risks.
They can control IoTs connected to your smartphone. They can disable your home alarm or unlock your garage door without you knowing it. Because voice assistants can also open websites, NUIT attacks can drop malware on your device without your participation.
Precautions You Can Take Against NUIT Attacks
The researchers took 17 devices and checked their vulnerability to NUIT attacks. Unfortunately, all were controllable using any voice, even robot-generated ones. The only exception was Apple's Siri which only follows commands from the smartphone's owner. If your smartphone has a voice authentication feature, enable it as additional security against NUIT attacks.
Another way to deter NUIT is by using earphones instead of broadcasting audio on speakers. Researchers also encourage users to monitor microphone activity on their devices. Android and iOS smartphones both have on-screen indicators for that.
The Bottom Line
With NUIT's ability to download malware, it can become a real threat to organizations. Business owners should implement strict security measures to mitigate risks. Secure your network and devices by installing security software, enabling spam filters, and setting up a firewall. In addition, have policies in place to guide your employees. You must also back up your data to help speed up recovery in case of data loss.