This site may earn affiliate commissions from the links on this page. Terms of utilize.

siri

Most smartphones can respond to your voice commands, but they might also answer to someone else's. Researchers from France's ANSSI data security agency has found a way to make Apple's Siri and Google phonation search respond to commands without talking to them. It happens via radio waves and works up to xvi feet away. This technique can exist used to exploit the device in a number of ways.

This clever hack relies upon the headphone jack, which has a microphone input on about all modernistic smartphones. The chief limitation of the method developed by ANSSI is that the target device needs to have headphones with a mic plugged into the device. That'south because the electromagnetic waves must use the string as an antenna to admission the mic input. The electrical signals can be made to look similar a user's vocalisation, thus activating Siri or Google.

With the voice commands listening, the radio waves tin can proceed feeding signals into the mic that await to the phone like voice input. The researchers were able to use their arrangement — based on an inexpensive open up-source software GNU Radio, a USRP software-defined radio, an amplifier, and an antenna — to issue commands that sent the phone's browser to a specific website or placed a call. Y'all could use this to essentially turn a telephone into a surreptitious listening device or straight it to a website with a software exploit. An attacker could also utilise these silent voice commands to send phishing messages from the user'southward electronic mail or social accounts.

antenna

Y'all don't necessarily demand to panic and disable voice commands on your phone but still. In addition to having headphones plugged in, you lot demand to have voice commands enabled from the lock screen and sleep fashion. If a phone is awake, the user would probably observe something was amiss, after all. This is the default setting for Siri on iPhones, but Android devices behave differently. Y'all have to manually plough on the "OK Google" hotword from any screen, and when you exercise the phone tunes to your voice. Later y'all've trained the phone in this way, the radio waves would be unable to trigger the phonation actions because they don't "sound" similar you. So, Siri is much more vulnerable than Google'southward voice search.

The 16 foot range of the hack is based on the laboratory setup used in the ANSSI test. If you wanted to make a mobile version of the rig that fits in a haversack, you lot'd probably only have enough power to hack a phone from six or seven feet away. That could still be useful in a crowded infinite like a subway motorcar. The larger version from the lab might fit in a car as well.

The researchers have contacted Apple and Google to suggest allowing users to create custom wake words, which would cake this attack. Better shielding on headphone cables would also do the trick. Neither company has responded yet.