Hackers Can Turn Siri And Google Now Against You !!! đđ
One of the new features in iOS 9 is the ability to train Siri to only recognize your voice so your phone doesnât respond to commands from just anybody. According to a report from Wired, though, a pair of researchers at ANSSIâa French government agencyâhave figured out a way to use radio waves to silently activate Siri or Androidâs Google Now from across the room.
The hack only works if the target device has Siri or Google Now enabled, and has headphones or earbuds plugged in that also have a microphone. Wired explains, âTheir clever hack uses those headphonesâ cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phoneâs operating system to be audio coming from the userâs microphone.â
In theory, the attack could be used to anything you can do using the Siri or Google Now voice interaction. The attacker could make calls, send text messages, open malicious websites, send spam or phishing emails, or post to social networks like Facebook and Twitter. By placing an outbound call to the attackerâs own phone the hack could be used to surreptitiously eavesdrop on the victim.
Thatâs the doomsday scenario version. Now, letâs scale it back and look at how plausible it is for an attack like this to actually work. Most of the time that you have headphones plugged in to your smartphone youâre also listening to them. When Siri or Google Now are activatedâeven if initiated silently over the airwavesâthey typically make some sort of noise indicating that theyâre ready to listen to your voice command, and they respond verbally by default so if youâre wearing the headphones you should immediately realize something suspicious is going on.
Even if youâre not actively wearing the headphonesâmaybe your headphones are plugged in but the smartphone and headphones are just sitting on a table in front of youâit would be challenging to activate the virtual assistant without alerting you. The display generally comes to life and displays your request along with the response from Siri or Google now. If youâre sitting there, minding your own business, and your smartphone suddenly springs to life youâd probably notice.
Assuming your smartphone has the headphones plugged in, but youâre not wearing the headphones to hear the voice interaction, and the smartphone is lying face down so you canât see the interaction on the display it is theoretically possible, but still highly unlikely. The attack requires unique hardware and only has a range of between six and sixteen feet according to the researchersâdepending on the size and power of the radio and antenna.
âAdditional functionality, especially concerning user convenience, has often come at the cost of some security,â stressed Gavin Reid, VP of threat intelligence for Lancope. âIn this case the hack needs proximity to work and is a proof of concept needing specialized hardware. High security government equipment and installations have often come with additional shielding specifically to limit emanations and any covert channels.â
Itâs conceivable that an attacker could position the radio in a Starbucks or similar public location and generate commands to all of the devices within range and direct them to call a specific phone number that generates cash for the attacker. The odds of that happening are relatively low, though. As Reid explains, âThis attack is less likely to be leveraged by the criminal underground especially with other methods much easier to implementâ.