Abstract
This paper presents a working proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue exploit, spreading a ransomware-like application to those PCs, and executing it remotely. In addition to describing the proof-of-concept attack in detail, the authors propose several remedies individuals and organizations can use to prevent such attacks.
Included in
Information Security Commons, Management Information Systems Commons, Technology and Innovation Commons
Voice Hacking Proof of Concept: Using Smartphones to Spread Ransomware to Traditional PCs