Skip to main content


Home Dolphin attack

Dolphin attack

Dolphin attack definition

A dolphin attack involves using ultrasonic commands to hijack voice-controlled assistants (like Siri or Google) and gain unauthorized access to a user’s smartphone. Cybercriminals may hide commands in high-frequency sounds that assistant-enabled gadgets can hear — but the users can’t. Hackers may use these frequencies to trigger commands like making phone calls or visiting websites. While the attack hasn’t become common in real-life scenarios yet, researchers have demonstrated that it is possible.

History of dolphin attacks

In 2016, researchers in China proved that it was possible to use ultrasonic sounds to trigger basic commands on a mobile device without the user’s knowledge. The researchers hid high-frequency commands in various sound clips and were able to activate a range of voice-controlled assistants on Apple and Android devices. The research team noted that one way to prevent the attack would be smart speakers using microphones that filter out sounds above 20 kilohertz.

How a dolphin attack may work

  • A cybercriminal may embed hidden ultrasonic commands in online videos or music clips. Alternatively, they may broadcast the commands in public while near a victim.
  • These commands may be anything like dialing a phone number, launching FaceTime, visiting a specified website, taking photographs, or activating the device’s airplane mode.
  • By initiating these commands, hackers could harm users in many ways (like taking them to malware-infected websites and downloading viruses onto the victim’s device).
  • The good news is that the attack wouldn’t work on locked devices or devices trained to respond to only one person’s voice.