One of the new features in iOS 9 is the ability to train Siri to only recognize your voice so your phone doesn’t respond to commands from just anybody. According to a report from Wired, though, a pair of researchers at ANSSI—a French government agency—have figured out a way to use radio waves to silently activate Siri or Android’s Google Now from across the room.
The hack only works if the target device has Siri or Google Now enabled, and has headphones or earbuds plugged in that also have a microphone. Wired explains, “Their clever hack uses those headphones’ cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone’s operating system to be audio coming from the user’s microphone.”
In theory, the attack could be used to anything you can do using the Siri or Google Now voice interaction. The attacker could make calls, send text messages, open malicious websites, send spam or phishing emails, or post to social networks like Facebook and Twitter. By placing an outbound call to the attacker’s own phone the hack could be used to surreptitiously eavesdrop on the victim.
That’s the doomsday scenario version. Now, let’s scale it back and look at how plausible it is for an attack like this to actually work. Most of the time that you have headphones plugged in to your smartphone you’re also listening to them. When Siri or Google Now are activated—even if initiated silently over the airwaves—they typically make some sort of noise indicating that they’re ready to listen to your voice command, and they respond verbally by default so if you’re wearing the headphones you should immediately realize something suspicious is going on.
Even if you’re not actively wearing the headphones—maybe your headphones are plugged in but the smartphone and headphones are just sitting on a table in front of you—it would be challenging to activate the virtual assistant without alerting you. The display generally comes to life and displays your request along with the response from Siri or Google now. If you’re sitting there, minding your own business, and your smartphone suddenly springs to life you’d probably notice.
Assuming your smartphone has the headphones plugged in, but you’re not wearing the headphones to hear the voice interaction, and the smartphone is lying face down so you can’t see the interaction on the display it is theoretically possible, but still highly unlikely. The attack requires unique hardware and only has a range of between six and sixteen feet according to the researchers—depending on the size and power of the radio and antenna.
“Additional functionality, especially concerning user convenience, has often come at the cost of some security,” stressed Gavin Reid, VP of threat intelligence for Lancope. “In this case the hack needs proximity to work and is a proof of concept needing specialized hardware. High security government equipment and installations have often come with additional shielding specifically to limit emanations and any covert channels.”
It’s conceivable that an attacker could position the radio in a Starbucks or similar public location and generate commands to all of the devices within range and direct them to call a specific phone number that generates cash for the attacker. The odds of that happening are relatively low, though. As Reid explains, “This attack is less likely to be leveraged by the criminal underground especially with other methods much easier to implement”.
This article was written by Tony Bradley from Forbes and was legally licensed through the NewsCred publisher network.