A pair of French researchers have discovered that the voice command feature on iPhones and Android smartphones helpfully obeys the orders of any hacker who talks to it, even one who’s silently transmitting those commands via radio from as far as 16 feet away.
The researchers at ANSSI, a French government agency devoted to information security, published the findings in the Institute of Electrical and Electronics Engineers (IEEE).
“While it’s worth noting it takes a special set of circumstances to pull off the hack, the idea of someone secretly ordering your phone to open a website, eavesdropping on your conversations or sending text messages is terrifying,” ABC News reported.
The researchers used the cord of the headphones as an antenna, and tricked the phones into thinking the electric signals they were sending were actual voices. This means they could, without actually speaking, command Siri to not only make calls, but also open a browser and navigate to a specific site, or use email or Facebook.
Vincent Strubel, the director of this research group at ANSSI, says, “The sky is the limit here. Everything you can do through the voice interface you can do remotely and discreetly through electromagnetic waves.”
This hack uses fairly simple equipment that could fit inside a backpack, though this would only give it a range of 6 ½ feet. To get the full 16 feet, the batteries needed would require a bigger space, like a car.
Gavin Reid, VP of Threat Intelligence at Lancope, commented on the implications for voice assistants: “Additional functionality, especially concerning user convenience, has often come at the cost of some security.”
Reid added: “In this case the hack needs proximity to work and is a proof of concept needing specialised hardware. High security government equipment and installations have often come with additional shielding specifically to limit emanations and any covert channels. This attack is less likely to be leveraged by the criminal underground especially with other methods much easier to implement”.