Hacking SIRI and Google Now silently from 16feet away now possible via Headphones, claim ANSSI Researchers.
French researchers at the government’s information security agency ANSSI have surpassed everyone else in the field of technology.. or so it seems… since they have managed to hack Apples personal assistant SIRI without even speaking a word.
Not to mention, they are able to perform this outstanding feat… from 16feet away. The hack occurs if you have enabled SIRI or Google Now on your iPhone or Android. Evidently, this achievement has exposed iPhone and Android devices to an array of mischief.
Google Chrome Browser Listening To Your Conversations without Permission
How SIRI was Hacked?
Radio waves were used to initiate voice commands on various services such as Google Now and SIRI. They were able to perform the hack only when they had their headphones on with a MIC plugged in.
Headphones’ cord served as an antenna and deceived the phone into assuming that the electric signals being sent were real voices. Thus, they were able to communicate with SIRI without actually speaking.
They ordered SIRI to make calls, open up the browser and navigate to a specific website, open the email account and even Facebook.
This means hackers could easily command the phone to visit an infected website or send phishing or spam messages through email, Twitter and/or Facebook. Also, your phone turns into an eavesdropping device.
Using the cord as an antenna and converting sneaky electromagnetic signals to appear as user’s voice
coming from the headphones’ MIC, is definitely a smart trick.
The set of gear required for conducting this hack is pretty basic and therefore, only offers 6 and half feet range. To receive full 16feet range, bigger space would be required for the batteries.
As per Vincent Strubel, director of ANSSI, “the sky is the limit here. Everything you can do through the voice interface you can do remotely and discreetly through electromagnetic waves.”
What if the hack doesn’t work?
It is possible that the hack may not work in the same manner for specific individuals, but this doesn’t mean that the method is useless or, say, a one-time-wonder.
Hackers can easily and effectively use it on a crowd by sending out signals around a busy area.
It is a fact that one could potentially hack a number of devices simply because when in the crowd, people are generally oblivious of the phone present inside their pockets or purses.
Strubel claims: “You could imagine a bar or an airport where there are lots of people. Sending out some electromagnetic waves could cause a lot of smartphones to call a paid number and generate cash.”
Lately, a lot of iOS features have been found vulnerable to hacking attacks. Last month, one guy demonstrated how to bypass iOS 9 lockscreen within 30 seconds.
Then came the YiSpecter malware targeting Apple users and replacing their genuine apps with fake ones.
The ANSSI researchers said they’ve contacted Apple and Google about their work and recommended fixes, stay tuned.
Wired IEEE