Hackers Can Turn Siri And Google Now Against You

By October 26, 2015 Article, Security

According to a report from Wired, a pair of researchers at ANSSI, a French government agency, have figured out a way to use radio waves to silently activate Siri or Android’s Google Now from across the room.

The hack takes advantage of the fact that a headphone cord can double up as a makeshift antenna, with hackers sending electromagnetic signals to the wire which are converted into audio input. The target device then interprets these as regular voice commands.

The hack only works if the target device has Siri or Google Now enabled, and has headphones or earbuds plugged in that also have a microphone. Wired explains, “Their clever hack uses those headphones’ cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone’s operating system to be audio coming from the user’s microphone.”

He gave an example scenario of hackers using the technique in a crowded bar or airport: “Sending out some electromagnetic waves could cause a lot of smartphones to call a paid number and generate cash.”

Working from a laptop nearby, a hacker can then use open-source radio software, an amplifier and an antenna to send radio waves triggering voice commands, which can then be picked up by the headphone wire plugged into the targeted phone.

In theory, the attack could be used to do anything you can do using the Siri or Google Now voice interaction. The attacker could make calls, send text messages, open malicious websites, send spam or phishing emails, or post to social networks like Facebook and Twitter. By placing an outbound call to the attacker’s own phone, the hack could also be used to surreptitiously turn the victim’s phone into an eavesdropping device.

Most of the time that you have headphones plugged into your smartphone, you’re also listening to them. When Siri or Google Now is activated, even if initiated silently over the airwaves, it typically makes some sort of noise indicating that it’s ready to listen to your voice command, and it responds verbally by default, so if you’re wearing the headphones you should immediately realize something suspicious is going on.

It would be challenging to activate the virtual assistant without alerting you. The display generally comes to life and displays your request along with the response from Siri or Google Now. If you’re sitting there, minding your own business, and your smartphone suddenly springs to life, you’d probably notice.

If your smartphone has headphones plugged in but you’re not wearing them to hear the voice interaction, and the smartphone is lying face down so you can’t see the interaction on the display, an unnoticed attack is theoretically possible, but still highly unlikely. The attack requires unique hardware and only has a range of between six and sixteen feet, according to the researchers.

See Wired’s article for more details.