In order to hack into Siri or Google now remotely, the hacker must be within 16 feet of the phone in question. By sending radio waves that take over an iPhone Siri or Google Now voice command system, according to researchers at the French ANSSI network and information security agency. Additionally, the researchers suggest that if Apple and Google allowed users to set their own activation word like the Moto X does, hackers wouldn’t be able to activate Siri or Google Now, unless they knew your specific name or phrase. “Everything you can do through the voice interface you can do remotely and discreetly through electromagnetic waves”, at the recent “Hack in Paris” conference.
Advertisement
The exploit isn’t without limitations. The only way that a user can be a victim of this kind of attack is if their microphone-enabled headphones are plugged into the jack of their smartphone and have Siri or Google Now enabled. Still, the risk isn’t zero.
“The sky is the limit here”. Google Now voice control isn’t accessible from the lock screen by default, however Siri is.
If the equipment would have been bigger to fill a vehicle, The Verge said the estimated distance for it to work would be about 16 feet only. For one thing: Don’t leave headphones with a microphone plugged into your phone, and disable voice control enabled when the phone is locked. The hackers can for instance have Siri navigate to a certain web site and have malware installed via the page. On devices on which Google Now or Apple’s Siri digital personal assistants have been activated, the electrical signals could be modulated to generate a keyword command like “OK, Google” or “Hey, Siri”, and begin issuing commands to those devices.
“You could imagine a bar or an airport where there are lots of people”, says Strubel.
The attack uses the cable of the headphone as antenna to induce electric signals that Siri understands as voice commands. “We have seen hacks ranging from turning RAM chips into radios broadcasting air-gapped data to pita-sized radios stealing encryption keys to opening garage doors with a child’s toy”, said Craig Young, a security researcher at Tripwire.
Advertisement
The iPhone or Android users would notice the attack only if he or she looked at the screen – or after the fact, in case any traces are left. Researchers in France have shown that they can hijack your phone via those headphones with microphones, using the headphone wires as an antenna to pick up their malicious signals.
