Siri, Google Now Have Security Flaw That Lets Attackers Take Over Your Phone From Five Meters Away

Siri, your handy-dandy assistant confined within your iOS device, has been discovered to be unfaithful, sort of. Aside from catering to the owner's whim, the voice-activated AI will also take instructions from hackers.

A couple of researchers from France created a video demonstration of how Siri takes remote commands even if they're not from the owner's. The bigger issue is that it can be done to almost anyone as long as they are in range of the hacker.

A study published by IEEE, an association dedicated to the advancement of technology, researchers Jose Lopes Esteves and Chaouki Kasmi, both members of the French Network and Information Security Agency, details how the hack is possible through "silent remote voice command," which utilizes plugged-in headphones to relay the voice commands to Siri.

The research, which showed how voice commands can be sent to Siri via radio waves, was previously presented during the Hack in Paris conference. The only equipment needed during the presentation were a laptop, a USRP software-defined radio, antenna and amplifier.

"To design such an emitter, open source software for software-defined radio is publicly available," Chaouki Kasmi told CBS News. "Thus, the design of the source is very simple and cheap with regards to open source software and hardware."

Not only were they able to penetrate iOS through Siri, the demo also showcased that Android is also susceptible through Google now. Granted a battery large enough, of a car's for instance, the hack can be performed within a 16-feet- or 5-meter- radius. However, hackers can also go mobile and fit the contraption inside a backpack, which would allow them to penetrate a mobile device within 6.5 feet or roughly 2 meters.

The study did not gain much attention during the event, aside from that of curious French technology enthusiast. Nonetheless, it does not diminish the fact that it is a threat, which mobile device users should be wary of.

"The sky is the limit here," said Vincent Strubel, research Directors at the French Network and Information Security Agency. "Everything you can do through the voice interface you can do remotely and discreetly through electromagnetic waves."

Voice-activated assistants, such as Siri and Google Now, can do pretty much everything that the device permits - send emails, upload pictures, turn on the camera and so on. Thus, when Strubel said that the sky is the limit, he's not lying.

However, there is a way to prevent getting hacked in this specific manner and that is to unplug microphone-equipped headsets. The other really basic solution is to disable the voice-activated assistants, unless they're really needed. By default, Google Now is turned off but for Apple-supported devices, Siri is turned on from the moment the device ships out. Commands that require elevation can also be spotted and give the user an idea that the device is getting hacked.

Photo: Vincent Brown | Flickr

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics