Hackers at French government agency ANSSI have discovered a way to control both Siri and Google Now from up to 16 feet away. The hackers are able to accomplish this using radio waves, and the implications may be serious.
Picture the following: you’re in a room with one of your coworkers. You have Siri on your iPhone, and you forgot to unplug your headphones from your morning commute. All of a sudden, you see your phone is making a call to your coworker, but you haven’t touched a single button. Is this a practical joke, or is it the beginning of some doomsday fantasy in which everyone is able to control the technology of everybody else? Well, let’s investigate.
In order to hack into Siri or Google now remotely, the hacker must be within 16 feet of the phone in question. Not only must Siri or Google Now be enabled on the phone being hacked, but headphones that are mic-enabled must also be physically plugged into the phone. Hackers are able to treat the cord attached to the headphones as an antenna; using radio waves, they can convert electromagnetic waves into electrical signals that make Siri and Google Now think they are being spoken to by the phone’s owner. Using this trick, hackers can send texts, make phone calls, or even open incriminating websites on the phone.
Despite the terrifying knowledge that you could be hacked by someone in the same room without even knowing it, the likelihood of this type of hacking being successful without the owner of the phone noticing is low. Siri responds to user commands both verbally and visually, so if your phone is next to you while someone tries to hack it, there’s a good chance you’ll notice. Additionally, most people who have mic-enabled headphones plugged into their phones are either listening to something with those headphones or are at least using their phones. A hack attempt would not go unnoticed in these instances.
According to Vincent Strubel, the director of the research group in charge of this study at ANSSI, “The sky is the limit here. Everything you can do through the voice interface you can do remotely and discreetly through electromagnetic waves.” The sky might be the limit, but given the conditions of the hack, it’s a limit we won’t be approaching any time soon.