DolphinAttack: Hacking Voice Assistants with Inaudible Voice Commands

About a year ago it came to my attention that voice assistants such as Siri can lead to easily exploitable security issues. As voice assistants are not aware who is talking to them, it doesn’t matter if it’s you or your neighbour shouting “Unlock the door” at ‘m …

Now a team from Zhejiang University has taken it another level by sending out voice commands at frequencies above the 20KHz limits of human ears:

Using a technique called the DolphinAttack, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants. This relatively simple translation process lets them take control of gadgets with just a few words uttered in frequencies none of us can hear.

With only $3 worth of hardware one can build such a converter themselves.

A Simple Design Flaw Makes It Astoundingly Easy To Hack Siri And Alexa →

Annyang — Control your site using voice commands

<script type="text/javascript" src="annyang.min.js"></script>
<script type="text/javascript">
if (annyang) {
  // Let's define our first command. First the text we expect, and then the function it should call
  var commands = {
    'show tps report': function() {
      $('#tpsreport').animate({bottom: '-100px'});

  // Initialize annyang with our commands

  // Start listening. You can call this here, or attach this call to an event, button, etc.

Annyang is a tiny javascript library that lets your visitors control your site with voice commands.
annyang supports multiple languages, has no dependencies, weighs less than 1kb and is free to use.

Annyang →
Annyang Source (GitHub) →