surfing attack
surfing attack

News highlights:

  1. Researchers discover a new way to hack voice controlled devices through solid tables
  2. SurfingAttack transmits sound waves using the acoustic properties of solids
  3. The attack consists of ultrasonic sound waves that are inaudible to the victim
  4. Reading OTP SMSs, clicking selfies, and making fraud calls are some of the effects
  5. Most smartphones and table surfaces found vulnerable to this attack
  6. Google, Apple, Xiaomi, Samsung models are affected

When we talk about hacking, what comes to your mind?

A malware, a man with a mask, or a dubious email that asks you to log in from an even dubious webpage. Right? But you never think of your table vibrating when you think of hacking. But now, you will.

We have previously covered an article where we talked about how the new age Siris, Alexas and Google Homes can be controlled using laser lights.

We have also covered an article where we highlighted how screen brightness can be used to screw over a computer and trick it into leaking confidential data.

If all that wasn’t enough to make you think about how far we have come from rubbing stones and making fire, the Surfing Attack definitely will.

What is the Surfing Attack?

Researchers have discovered a way to hack into voice-controlled devices using commands that are sent by the least suspicious channel possible – a table. Yes, a table.

Remember how tables are made of solids and how sound can travel through solids, and that too, with better speed as compared to air?

This Oscar-deserving attack called the Surfing Attack leverages this sound wave property to send ultrasonic guided waves through solids over long distances that can work as commands in the voice-assistants like Google and Siri and make them click selfies, open an app or even read your SMSs.

How convenient! The worst part about this attack is that the victim wouldn’t know that their device is being hacked because the attack sounds are not audible to human ears.

ultrasonic waves in table

Source :

The attack is different from the previously discovered hacking methods in two aspects.

One, that it does not require a line of sight since it is using a solid medium to travel; and two, that it triggers multiple rounds of interaction between the attacker and the voice-controlled device.

As more and more people depend on voice-controlled software for their daily chores they become more and more vulnerable to these hacks.

Hacking the SMS two-factor authentication codes, making fraudulent calls that result in premium charges, and even taking unwarranted selfies are some scenarios that raise serious concern.

The researchers from Michigan State University, Washington University in St. Louis, Chinese Academy of Sciences, and the University of Nebraska-Lincoln have published a detailed technical report explaining this attack.

How dangerous is the attack?

As we have already told you above that the attack can lead to some potentially harmful consequences like:

  • Reading your OTP containing messages
  • Clicking selfies
  • Making fraud calls
  • Talking to people using synthetic voice

Even though these scenarios do not ring of malware as of now, they could in fact lead to that case in the future, by prompting the voice controlled device to open a malicious website.

SMS and fraud call hacking procedure

Source :

Which devices does it affect?

Out of the 17 smartphones and 4 types of tables that were used to test the SurfingAttack, the researchers were able to verify it in 15 smartphones (including Google Pixel, Apple iPhone, Samsung Galaxy S9, and Xiaomi Mi 8 and 3 types of tables (metal, glass and wood).

The Huawei Mate 9 and Samsung Galaxy Note 10+, however, did not yield to the attack (due to their OS and phone body). If it helps, the attack also did not crack the Amazon Echo and Google Home. The impacted phone models are:

  • Google: Pixel, Pixel 2, Pixel 3
  • Moto: G5, Z4
  • Samsung: Galaxy S7, Galaxy S9
  • Xiaomi: Mi 5, Mi 8, Mi 8 Lite
  • Huawei: Honor View 10
  • Apple: iPhone 5, iPhone 5s, iPhone 6+, iPhone X

Watch the attack in action below.

How can you defend against the Surfing Attack?

You can protect yourself against the Surfing Attack using basic precaution like keeping your device in your view range and placing a fabric between your device and the table surface.

We can even use phone cases that are thick and made of wood or disable our Voice Assistance on lock screen.

Day after day, there are new feats made into the field of computing and along with that, there are new feats in the hacking world as well.

But researchers around the world make sure that they stay one step ahead of the bad actors by finding out innovative ways of hacking first and warning technologies to equip themselves with the safety mechanisms before the bad actors can take advantage of the findings.

What did you think about this study? Let us know your thoughts in the comments below.

Share this with your technology loving friends and make sure you take the necessary steps to safeguard yourself ahead of time.

Stay tuned, stay safe.


Leave a reply

Your email address will not be published. Required fields are marked *


©2021 Tech Brewery. All Rights Reserved.

Log in with your credentials


Forgot your details?

Create Account