A few hidden voice commands in a YouTube video are enough to hack any mobile device (smartphone) running Android or iOS according to researchers.
A team seven researchers from the Universities of California, Berkeley, and Georgetown devised an attack that uses garbled voice commands hidden in YouTube videos.
The attack works when the victim watches a "tease" on YouTube that contains hidden voice commands. The video doesn't have to play on his mobile device, but on any nearby one laptop, smart TV, tablet or other smartphone.
The mobile collects distorted commands, and Siri's or Google Now's audio filtering features will clear the sounds and execute the commands.
Researchers have, as you will see below, recorded their attack on videos. The video shows that some of the distorted voice commands are easy to hear, and a man with enough attention, but some of the commands are impossible to hear from a human ear.
The kind of hidden commands that can be embedded in such videos are simple Google searches with download instructions and installationς malicioussoftware that ultimately allows the attacker to take full control of the device.
The technical details of the attack are available on the official website of the project.
See the presentation video