YouTube videos can be used to hack your smartphone

With the fast changing world, hacker’s
intentions are no longer old to hack
your bank password or pin numbers.
They have changed with time and the
new hunt is for your data which can
prove as a gold pot.
Most of us hold various personal
photographs in our smartphones but
if they are sensitive, it can make a
hacker rich overnight and be used
against you. However, it is believed
that to access this data the hacker
needs physical access to the phone.
Not anymore. A simple malicious
code sent to your smartphone can get
him all he wants without your
knowledge.
This timehackers have found the
most used way to get access on your
smartphone, by leveraging the
YouTube to hack mobile devices.
Those funny animal videos on
YouTube might not be as innocent as
they seem initially.
Voice recognition software in YouTube
videos could leave your phone
exposed. The attack only takes a few
hidden voice commands. Distorted
voice commands hidden in certain
otherwise-innocent videos can carry
out malicious operations.
A team from the University of
California, Berkeley, and Georgetown
University have developed the means
to compromise a mobile device using
hidden voice commands embedded
within a YouTube video. The voice
recognition software can make it
easier to hack devices, even when
spoken words are mangled to
basically sound like they’re coming
from a demon. The hidden voice
commands used by the attack are
‘unintelligible to human listeners but
which are interpreted as commands
by devices.’ For example, the voice
could tell your phone to open a URL
that exposes it to malware.
The attack works when you are
watching the tainted video on your
PC, laptop, TV, tablet or smartphone.
This mangled voice is picked by your
smartphone, if left open to listening to
voice commands even when locked.
If the voice commands in the video
are picked up by the target victim’s
smartphone, the AI from Apple’s Siri
or Google Now can clean out the
unwanted sounds and execute the
commands by the mingled voice.
Once these commands are
deciphered by the voice-based
assistants, they are executed. Such an
attack can command the AI on the
smartphone and instruct it to
download and install malware, which
can eventually allow the hacker to
gain control of the smartphone.
The researchers will present the threat
at the USENIX Security Symposium in
Austin, Texas next month, including
the defences against the threat that
they evaluated.
Meanwhile, it’s been revealed that
nearly 10 million Android phones
have been infected with HummingBad
malware, also known as Shedun,
which generates fake clicks for
adverts, among other things