The hackers can for instance have Siri navigate to a certain web site and have malware installed via the page.
Advertisement
An example used is Apple’s voice assistant, Siri.
Researchers working for the French government have found a new way to silently and remotely take control of Siri or Google Now on your smartphone, according to a report from Wired.
“The sky is the limit here”. The only equipment needed during the presentation were a laptop, a USRP software-defined radio, antenna and amplifier. Fourth, the range of the system researchers created is at the most 16 feet, for a big version that needs to be hidden in a vehicle, and six feet for the backpack. If the hardware was scaled up to fill a vehicle, this range would still be no more than roughly 16 feet.
A PIN code or “wake phrase” could be used to launch Siri or Google Now, using voice recognition software to ensure phones don’t take commands from strangers, they said. Additionally, anyone who looks at their phone regularly would probably see unauthorized voice commands being carried out on their phone – it’s not exactly a discrete hack. They also said that it can also be easily thwarted as users could notice their phone is receiving non-existent voice commands and cancel the action. In this scenario the device could control a number of devices with a single signal, perhaps even prompting them to call a “paid number and generate cash”.
In this attack, the headphone cord acts as an antenna, sending commands through the microphone to a digital assistant like Siri.
Once again, this is a complex attack and it is definitely not a pressing concern for most of us. An attacker could also use these silent voice commands to send phishing messages from the user’s email or social accounts. The hackers could then theoretically set up their spoofing device, but it would be much easier just to grab the person’s phone and start messing with it.
The ANSSI researchers say they’ve contacted Apple and Google about their work and recommended other fixes, too: They advise that better shielding on headphone cords would force attackers to use a higher-power radio signal, for instance, or an electromagnetic sensor in the phone could block the attack.
A lot of Android phones don’t have the Google Now voice-activated assistant accessible from the homescreen, as Siri is on the iPhone.
Advertisement
Picture the following: you’re in a room with one of your coworkers. French researchers have discovered that Siri can now be accessed remotely by anyone if your phone has a pair of headphones plugged in.
