Journal: Journal of Cybersecurity Education, Research and Practice
Print ISSN: 2472-2707
Publication year: 2018
Volume: 2018
Issue: 1
Pages: 2
Publisher: Kennesaw State University
Abstract: This paper presents a voice hacking proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue exploit, spreading a ransomware-like application to those PCs, and executing it remotely. The demonstrated proof of concept, with relevant source code included in the appendix, can be extended and adapted to allow other voice-enabled, mobile, and IoT devices to perform multi-platform attacks against traditional PCs, as well as other mobile and IoT devices, and even critical infrastructure systems. In addition to describing the proof-of-concept attack in detail, the authors propose several remedies individuals and organizations can employ to prevent such attacks.