Although they haven’t become the widespread and always used features they were meant to be, voice controlled virtual assistants like Siri, Google Now, or Cortana can be found in almost every mobile device in the market. In some cases, they are even enabled by default. While convenient and useful, this may lead to some serious security and privacy issues, as some researchers from the French government agency ANSSI have discovered. They have come across a way to call Siri and Google Now into action with neither user nor hacker uttering a single word.
This seemingly magic yet frightening trick employs the use of inaudible signals sent to a device with a microphone enabled headphone attached. The wires on that accessory can convert electromagnetic waves into electrical signals that, for iOS and Android, are the equivalent of the user’s voice saying “Hey, Siri” or “OK, Google”.
Aside from simply triggering the virtual assistants, the same radio signals can contain commands that the assistants usually carry out. Hackers can, for example, direct the phone to call a number, which would let someone eavesdrop on the victim’s surroundings. The phones can also be instructed to visit certain websites, which can be the starting point of a bigger hacking attack.
The machine that carries out the attack isn’t that complicated. A laptop running the open source GNU Radio program, a software defined radio, an antenna, and an amplifier. The contraption can be small enough to fit in a backpack but is limited to 6.5 feet in range. Imagine standing in the midst of a crowd, sending malicious commands to any vulnerable smartphone. A larger setup could include large batteries to extend the range to 16 feet but is so big it can only feet inside a van.
The vulnerability has several important limitations. The first is, as indicated, the devices need to have a headphone with microphone attached. It also requires that Google Now and Siri to activated and to respond to voice prompts. Fortunately for Android users, Google Now isn’t activated by default. On the iPhone, however, Siri is and responds to voice commands on the lockscreen. On the iPhone 6s, Siri can be activated even when the phone isn’t charging. That said, the attack doesn’t happen completely silently, as the user will be able to notice the activation, provided he or she is currently holding the phone. But if the phone is in a pocket or in a bag, the victim will be none the wiser.