Researchers claim to have intercepted the digital assistants to control the iPhone and Android devices, broadcasting silent commands from 16 feet away
French researchers claim to have remotely accessed iOS and Android digital assistants and silently delivered commands by using headphones with inbuilt microphones as antennas.
The team from the French government’s Network and Information Security Agency (ANSSI) claim to have discovered “a new silent remote voice command injection technique”, meaning they were able to intercept Siri and Google Now via radio from up to 16 feet away.
An Android device or iPhone with a pair of headphones containing an inbuilt microphone – such as Apple’s standard earbud model – plugged in effectively turns the cord into an antenna, converting electromagnetic waves into electrical signals the phone perceives to be audio commands, without actually speaking a word.
In theory, this means the digital assistants could be hijacked into sending texts or emails, making searches or calls or direct the handset to malicious websites, though the researchers required an amplifier, laptop, antenna and Universal Software Radio Peripheral (USRP) radio.
“The possibility of inducing parasitic signals on the audio front-end of voice-command-capable devices could raise critical security impacts,” researchers José Lopes Esteves and Chaouki Kasmi wrote, as spotted by Wired.
Last month a hacker claimed to have discovered a 30-second method ofinfiltrating a locked iPhone via Siri, which Apple fixed with the updated software iOS 9.0.1.
How to protect yourself
- Attacks like this are extremely improbable, but in theory could happen. The researchers have suggested the companies improve the shield on their headphone cords, or introduce personalised phrases to wake digital assistants.
- If you’re really worried, you could disable voice activation or turn the digital assisant on your phone off.