Is someone else controlling your virtual personal assistant?
Here’s something gadget freaks might want to know: Researchers in China and the U.S. have found that hackers can take control of Amazon Echo, Google Home, and other connected home devices and phone-based personal assistants by issuing commands that people cannot hear.
Think of this like a dog whistle that your pooch can hear but you cannot. Given that these target devices—which people use to order take-out food, check their bank accounts, and make phone calls—have become hugely popular, this is a bit concerning.
The technique, which Zhejiang University researchers dubbed the DolphinAttack—dolphins also hear high frequencies people can’t—can also take control of Apple aapl Siri running on iPhones or MacBooks as well Microsoft msft Windows 10 machines. Basically, the researchers “translated” spoken commands into higher non-audible-to-human frequencies and played them back to the devices.
The slightly reassuring news here it is that to succeed, the attacker must get physically close to the target device, and put another speaker capable of transmitting ultrasonic sound near it, according to the Princeton group.
The Chinese team said they were able to use the technique on iPhones, Google goog Nexus devices, Amazon amzn Echo home speakers, and cars. And, they noted ominously, they don’t think that list is comprehensive.
Get Data Sheet, Fortune’s technology newsletter.
Summing it up, the Zheijiang team wrote that this work should serve as a “wake-up call to reconsider what functionality and levels of human interaction shall be supported in voice controllable systems.”