In regards to this particular headphone jack hack, the researchers suggest microphone cords with heavier shielding inside.
Advertisement
In its most compact form, the hardware necessary for the hack – a notebook running open-source software GNU Radio, a USRP software-defined radio, an antenna and an amplifier – could fit inside a backpack and give the attacker a range of roughly six and a half feet.
If you’re really anxious, you could disable voice activation or turn the digital assisant on your phone off.
Researchers at French security organization ANSSI have found a way to send radio waves to these devices.
You might want to think twice about leaving your headphones plugged in to your smartphone when you’re not using them.
The technique, detailed in a paper published by the IEEE, requires the devices to have a wired headphones plugged in – specifically headphones with a builtin microphone – and works by turning this cable into an aerial.
The ANSSI researchers say they’ve contacted Apple to share their work and recommend fixes. “Everything you can do through the voice interface you can do remotely and discreetly through electromagnetic waves”, at the recent “Hack in Paris” conference.
A group of specialists from the ANSSI, a French government agency, have discovered that could gain full control of Siri from around 16 feet away. A larger system could do the job from 16 feet, but you’d need a bit more equipment.
Because the signals are coming through the mic, the smartphone considers them voice commands. In the right conditions, they could do things like fire off SMS messages or initiate phone calls to paid numbers, and force a browser window to open a malicious URL.
Microphone equipped headphones, like Apple’s EarPods, allow you to issue voice commands to Siri with a long button press on the headphone. Also, having it set to act only on the owner’s voice, whether it be on the iPhone or Android devices, would also prevent it from being hacked.
Advertisement
These hackers aren’t ventriloquists, but they might have figured out something even cooler. Siri voice interaction can be further manipulated to launch unwanted or unsecure websites, enter the user’s email account and send emails that could end his career, or to access social networks like Facebook Inc (NASDAQ:FB) and Twitter Inc (NYSE:TWTR) to do a few substantial damage to a person’s public reputation. “This attack is less likely to be leveraged by the criminal underground especially with other methods much easier to implement”.
