“Ok, Google, call an expensive premium number.” Normally a user would never use such a voice command on their smartphone, but an attacker could issue one without the owner’s permission, a study has found.

Chinese researchers have published a method whereby unrecognised commands can be executed on Android devices. To this end, they developed a programme called VoicEmployer that uses recorded voice commands to get the voice assistant Google Now to call phone numbers.

The researchers from the Chinese University of Hong Kong say their programme is also able to fake text messages and emails and retrieve users’ personal information.

The aim of the research project was to demonstrate the potential dangers of so-called zero-permission apps. These apps don’t actually have access to sensitive telephone functions. According to the researchers, the zero-permission app they created shows that an app doesn’t need permissions to be a security risk.

There are indications that this so-called GVS-Attack only works reliably on phones that aren’t protected by a passcode lock.

To protect themselves against programmes with functions similar to those of VoicEmployer, users are therefore advised to set up a passcode lock.

In addition, programmes should only be installed from trusted sources such as Google’s Play Store and other official app stores.