Another smartphone exploit has been discovered and this time it has to do with Siri and Google Now. French researchers have discovered that Siri can now be accessed remotely by anyone if your phone has a pair of headphones plugged in. The exploit allows almost anyone to remotely send voice commands to your smartphone. The worst part is that the process is entirely silent.
The security flaw was discovered by the researchers at the ANSSI Institute this summer and was presented at the Hack in Paris conference. Their work only received recognition from a few French news outlets back then. Their research shows that devices running Siri or Google Now can be accessed from up to 16 feet or 4.5 meters away, the transmission uses the plugged in headphones as an antenna for the radio signal. The signal can send data that tricks the phone into thinking that it is receiving commands from the user. This way the hack can be performed in complete silence without the user ever knowing.
But you don’t need to worry too much yet. The researchers also revealed that the exploit could only work on devices that run either Siri or Google now and have a microphone enabled headphones plugged in. iPhone users have Siri enabled from the lock screen by default and are in the greatest danger, as Siri is always listening to commands. Android users on the other hand may not have Google Now enabled by default on their lock screen or they have set the app to only recognize their voice.
The researchers also said that the exploit has a lot of potential for mischief, someone could carry a radio transmitter in their backpack in a crowded space that would prompt any device that accepts voice commands to call a certain number that generates money for the attacker. They also said that it can also be easily thwarted as users could notice their phone is receiving non-existent voice commands and cancel the action. Here’s hoping that more security will be added to Siri and Google Now in the future.