Hackers can take over your iPhone/Android smartphone by using radio waves to control Siri/Google Now

Researchers working for the French government have found a way to control Siri, Apple’s personal digital assistant, and Google Now, its Android counterpart. The researchers, working with the French government agency ANSSI, could hack into an iPhone or Android handset — with headphones plugged in — to remotely and silently access the smartphone’s built-in voice controls, potentially without the user's knowledge.

The researchers were able to access and control Apple’s Siri and Android’s Google Now from a distance of 16 feet.

How does the hack work:

The hack is accomplished by using a radio transmitter to tap into a pair of headphones with an integrated microphone plugged into the mobile device, using the headphone cable as an antenna. The researchers exploited the cable's wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone’s operating system to be audio coming from the user’s microphone. Without speaking a word, a hacker could use that radio attack to tell Siri or Google Now to make calls and send texts, dial the hacker’s number to turn the phone into an eavesdropping device, send the phone’s browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter.
Headphone cables make decent radio antennas, as evidenced by Apple’s use of them to enable FM radio reception on its iPod nano.

The team at ANSSI found they can exploit this and trick an iPhone or Android device into believing the audio commands are coming from the connected microphone.

“The possibility of inducing parasitic signals on the audio front-end of voice-command-capable devices could raise critical security impacts,” the two French researchers, José Lopes Esteves and Chaouki Kasmi, write in a paper published by the IEEE. Or as Vincent Strubel, the director of their research group at ANSSI, puts it more simply, “The sky is the limit here. Everything you can do through the voice interface you can do remotely and discreetly through electromagnetic waves.”

The researchers said that the hack can be accomplished from up to about six and a half feet away with not-so-elaborate equipment, while dedicated equipment packed in a car or van could hack Siri/Google Now from up to 16 feet away.

The only limitation is that the iPhone has to be connected to headphones and the owner has to have Siri enabled from the lockscreen. Apple enables Siri on the lockscreen by default, so that should not be a problem for the hackers. The researchers also said that the exploit works even with the newly released Apple iPhone 6s, which has always-listening “Hey Siri” enabled. It also works on older iPhones by spoofing the button press required to activate Siri on a set of headphones, such as Apple’s own EarPods.

Mitigation:

The only way to protect your iPhone from getting hacked using this method is to disable access to Siri from the lockscreen. You can disable access to Siri by going to Settings >> Touch ID & Passcode, scrolling down, and unchecking Siri under Allow Access When Locked. In the same menu, users can also disable access to the Today screen, Notifications View, Reply With Message, and Wallet, if they so choose.

For further security you can also go back to the root Settings menu and choose Control Center and disable Access on Lock Screen. This will prevent a stolen iPhone from being placed into Airplane Mode without turning off the device.

The researchers have stated that they have informed Apple and Google about their exploit. They have recommended that both companies provide better shielding on their own headphone cords. They have also suggested that Apple and Google let users create custom voice prompts in place of “Hey Siri” and “OK Google.” Future handsets could also include electromagnetic sensors as a form of security.
