Hackers can silently control Google Now, Apple’s Siri from 16 feet away

“Siri may be your personal assistant. But your voice is not the only one she listens to,” Andy Greenberg reports for Wired. “As a group of French researchers have discovered, Siri also helpfully obeys the orders of any hacker who talks to her—even, in some cases, one who’s silently transmitting those commands via radio from as far as 16 feet away.”

“A pair of researchers at ANSSI, a French government agency devoted to information security, have shown that they can use radio waves to silently trigger voice commands on any Android phone or iPhone that has Google Now or Siri enabled, if it also has a pair of headphones with a microphone plugged into its jack,” Greenberg reports. “Their clever hack uses those headphones’ cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone’s operating system to be audio coming from the user’s microphone.”

Greenberg reports, “Without speaking a word, a hacker could use that radio attack to tell Siri or Google Now to make calls and send texts, dial the hacker’s number to turn the phone into an eavesdropping device, send the phone’s browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter.”

“The ANSSI researchers say they’ve contacted Apple and Google about their work and recommended other fixes, too: They advise that better shielding on headphone cords would force attackers to use a higher-power radio signal, for instance, or an electromagnetic sensor in the phone could block the attack,” Greenberg reports. “But they note that their attack could also be prevented in software, too, by letting users create their own custom ‘wake’ words that launch Siri or Google Now, or by using voice recognition to block out strangers’ commands.”

Read more in the full article here.

MacDailyNews Take: Custom wake words for Siri would be very welcome regardless.

25 Comments

  1. ONLY if you plug your earphone, Bluetooth DONT WORRY
    ONLY if you have siri activated on home screen
    ONLY if only if command spoken while unlocked, since every other time you ara asked “PLEASE UNLOCK”
    IF You have the earphones plugged and in use, You always hear what siri hears,

  2. As MDN said, custom labeling for Siri – Change Hey Siri to ….
    Computer…
    Dawg…
    Hey B#$#@…

    Of note, this attack cannot be used, if you speak with a Scottish accent. Hey Siri, Hey Siri…! Hey Surrey…!!!

  3. Wow. This sounds a bit surreal. EM waves somehow are transformed and interpreted into audio waves? Is this April Fools Day?

    It makes me wish I’d done a stint at electronics school.

    We already know that anything said within vocal range of an active Siri phone will trigger off a command. Clearly, it’s a great idea to have a customizable wake word, as per MDN. That would mitigate this strange EM ≈ audio situation as well.

    1. I’ve heard you can hack a speaker into being a microphone and since over the wire sound just becomes simple electrical pulses, this hack sounds pretty plausible to me. Simple fix, just get a bluetooth earphones/headphones. or don’t use them at all.. I would love to customize the ‘start’ phrase in any case. 😀

      1. Hmm. Well, the speaker turned to Microphone, at least in my mind, is dirt easy to understand. It’s just another vibrating membrane that generates EM waves in a wire while inside a magnetic field. It’s not the same thing. Where’s the vibrating membrane in the EM transmission hack?

        As for Bluetooth headphones: Then you run into the fact that Bluetooth oddly continues to be incapable of streaming an adequate amount of data to reproduce the full range of human audible range. The only ‘Bluetooth’ speakers or earphones of any worth are those that add extra bandwidth through some added wireless technology.

        Anyway, it’s interesting to thrash through thoughts about this EM ≈ Audio hack. My latest thought is that there never is any ‘audio’ as such. It must skip right over that part of the system into the EM an actual sound would generate within the iOS device.

    2. The first simple radios consisted of an antenna, a coil, a capacitor and a crude diode. If the mic on the Apple earbuds has diodes in it to trigger the volume, pause and answer functions and there are coils in the speakers, the only thing needed is the capacitor (which is the inter lead capacitance of the long cable. The transmitter frequency can determined by connecting up an earphone cable assembly to a RF signal generator and look for the peek energy output frequency. Now all you have to do is modulate that frequency in the transmitter and the earphone cable assembly will detect those audible modulations.

      1. I remember putting together a crystal radio set when I was a kid. (I wish I’d continued on to Heath Kits, etc, but I was the ONLY techy in the family and no one encouraged my technophilia).

        Again, that system has a vibrating membrane within the simple ear speaker. Audio / air vibrations are required for human perception. Where’s the vibrating membrane in the EM ≈ audio hack. As I posted earlier, i think what’s going on is that there is no audio involved at all. The EM signal sent must skip over the audio pick up and simply equate to the EM signal and auditory command would create. That sort of fits the description of the hack, the more I consider it.

    3. You think that’s weird… check this out:

      Click to access traynor-ccs11.pdf

      iPhone: Decoding Vibrations from Nearby Keyboards Using Mobile Phone Accelerometers.

      Essentially if your phone is sitting on your desk next to your keyboard, the accelerometer is recording the vibrations. You can theoretically tell which keys have been struck.

      Mobile phones are increasingly equipped with a range of highly re- sponsive sensors. From cameras and GPS receivers to three-axis accelerometers, applications running on these devices are able to experience rich interactions with their environment. Unfortunately, some applications may be able to use such sensors to monitor their surroundings in unintended ways. In this paper, we demonstrate that an application with access to accelerometer readings on a modern mobile phone can use such information to recover text entered on a nearby keyboard. Note that unlike previous emana- tion recovery papers, the accelerometers on such devices sample at near the Nyquist rate, making previous techniques unworkable. Our application instead detects and decodes keystrokes by measur- ing the relative physical position and distance between each vibra- tion. We then match abstracted words against candidate dictionar- ies and record word recovery rates as high as 80%. In so doing, we demonstrate the potential to recover significant information from the vicinity of a mobile device without gaining access to resources generally considered to be the most likely sources of leakage (e.g., microphone, camera).

    1. Assuming the hack is possible, the reverse use can also be considered. (e.g. listening in to conversations via ‘transmissions’ from the earphone wire) Probably something the NSA would make use of in secret vs plugging it up.

    1. The basics of this hack is the earphone wire being used as an antennae. If there is any way presently that functions of the smartphone can be controlled via the earphone wire (e.g. answering calls, etc.), it is also possible that those functions can also be hacked in a similar way. This ‘weakness’ is a slightly larger problem than just voice activation if it is actually possible.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.