Modern hearables, such as wireless earbuds with transparency mode, are designed to enhance user awareness by relaying ambient sounds. However, this functionality introduces a new attack surface. We present UltrasonicWhisper+, a novel attack that exploits microphone nonlinearity to inject inaudible ultrasound into hearables, resulting in the demodulation of phantom audible sounds delivered directly to the user. Unlike prior ultrasound-based attacks that target voice assistants, our method deceives users themselves by simulating either internal hearable audio or spatial environmental sounds. We evaluate five commercial hearables and find that demodulated sound quality varies by device, with mean opinion scores (MOS) ranging from 1.26 to 3.27 and short-time objective intelligibility (STOI) ranging from 0.44 to 0.75. Behavioral studies show that participants followed an average of 28.0% of false instructions even after being warned about the attack. Moreover, spatialized ultrasonic sounds achieved 65.5% localization accuracy (±45°), and a false acceptance rate of 28.4% when perceived as ambient sound. These findings demonstrate that users can be reliably deceived via inaudible audio signals, raising serious concerns for safety-critical applications. Our results call for a reexamination of hearable device security and highlight the need for robust countermeasures.
Watanabe et al. (Mon,) studied this question.