According to a shocking report, hackers can hijack Siri and Google Now from a distance of up to 16 feet.
This startling claim, published by the Institute of Electrical and Electronics Engineers, was made by researchers at ANSSI, the French Network and Information Security Agency.
The experts conducted an experiment where they connected a set of microphone-enabled headphones to a mobile phone which runs Google Now or Siri.
This permitted them to turn the headphone cord into an antenna. Afterwards, they used a laptop located at a certain distance from the device and transmitted radio waves using the open-source software GNU Radio, an amplifier, an antenna and the USRP software-defined radio.
The electromagnetic waves were received by the headphone wire, which converted them into electrical signals. Lastly, these signals were sent to the cellphone, which wrongly interpreted them as voice commands originating from the user’s microphone.
It appears that by completing this simple list of instructions, potential attackers can easily and silently hack into Siri and Google Now. This way, they can command the cell phone, forcing it to open certain webpages, to call paid numbers or to send messages and emails on the user’s behalf.
Spam and phishing scams could be carried out using the hijacked device as a platform, and the owner would be none the wiser. It could be just as easy to eavesdrop on the victim’s private phone calls, and the malicious operation has been proven to work just as well on Android and iOS mobile devices.
“The possibility of inducing parasitic signals on the audio front-end of voice command-capable devices could raise critical security impacts”, explained study authors José Lopes Esteves and Chaouki Kasmi.
These cybercrimes could be carried out using a set of gadgets that could be fitted in a backpack, and the attackers could control the target from around 6 and a half feet away. On a more powerful system using bigger batteries, the operation could be successful even from 16 feet away.
So far, Google and Apple haven’t issued any comment regarding these “critical security” concerns, but scientists point out that mobile users need to take only one precaution in order to protect their devices from being hijacked. It appears that it’s enough to disable Google Now or Siri from the lock screen, and the operation will fail.
In addition, the two companies targeted in these potential attacks could also implement certain preemptive strategies.
For example, the digital personal assistants could be personalized by allowing users to create certain wake words that launch the software’s execution. Basically, the custom-made password could be uttered by the user and processed by the internal speech recognition in order to start the application.
Another solution would be to incorporate electromagnetic sensors into phones in order to reject hijacking attempts. Alternatively, better shielding could be provided to headphone cables, so that hackers are obliged to convey stronger signals.