A group of researchers at a French government security unit have figured out a way to send silent commands to phones. All that they needed was a laptop and an antennae -things that fit pretty much in a bag.You might think that Siri and Google work as your personal assistant, but they may also be taking orders from hackers.French researchers have found the smartphone assistants can be controlled by hackers from as far away as 16ft (five metres).
They say radio waves can be used to trigger voice commands on iPhones and Android handsets with Siri or Google Now enabled, providing a set of headphones are plugged in.French researchers have found the smartphone assistants Siri (logo pictured) and Google Now can be controlled by hackers from as far away as 16ft (five metres) who don’t have to utter a word
The research, by France’s information security agency, ANSSI, suggests criminals could take control of handsets and eavesdrop on conversations, but it’s not known whether the trick has been exploited in the real world.
The hack, demonstrated by the researchers, is possible by using the headphone’s cord as an antenna, Wired’s Andy Greenberg reported.
This means hackers could use open-source radio software running on a laptop, an antenna and amplifier to send electromagnetic waves picked up by the headphone cord from close range.
The research, by France’s information security agency, ANSSI, suggests criminals could take control of handsets and eavesdrop on conversations, by tapping into a phone with headphones connected (stock image)
This kit could be squeezed into a backpack, or a larger version version of the set-up could be concealed in a criminal’s van to target devices some 16 ft (five metres) away, perhaps in a bar or airport where lots of people gather in a small space.
In the hack, electrical signals converted by the cord can trick a phone’s operating system into thinking they are words being spoken into a handset’s microphone.
This connection lets hackers silently trigger voice commands, which they could use to open a malware website on a device, send spam texts and emails or even turn a handset into an eavesdropping device.
‘The possibility of inducing parasitic signals on the audio front-end of voice-command-capable devices could raise critical security impacts,’ José Lopes Esteves and Chaouki Kasmi, write in a paper published by the Institute of Electrical and Electronics Engineers (IEEE).
Vincent Strubel, director of the duo’s research group at ANSSI added: ‘The sky is the limit here. Everything you can do through the voice interface you can do remotely and discreetly through electromagnetic waves.’
Hackers could use open-source radio software running on a laptop (illustrated with a stock image), an antenna and amplifier to send electromagnetic waves picked up by the headphone cord from close range
MailOnline has contacted Apple and Google for comment.
Worried smartphone owners can unplug their headphones and disable Siri or Google Now to protect themselves.
The researchers have suggested to both tech giants they should create better shielding on their headphone cords or add an electromagnetic sensor to handsets in order to block attacks using radio waves.
A PIN code or ‘wake phrase’ could be used to launch Siri or Google Now, using voice recognition software to ensure phones don’t take commands from strangers, they said.
Owners of the new iPhone 6s can say the words ‘Hey Siri’ to active the PA on their phone, with ascreenshots showing it can be ‘trained’ to recognise their voice.
‘The iOS 9 GM includes a new feature for Siri to help it better recognise your voice when using the automatic ‘Hey Siri’ activation feature,’ 9to5mac reported.