Hackers can now attack smartphones through earphones
The iPhone or Android users would notice the attack only if he or she looked at the screen – or after the fact, in case any traces are left.
“The possibility of inducing parasitic signals on the audio front-end of voice-command-capable devices could raise critical security impacts”, the researchers said in the study. Strubel is the Director of the research group at ANSSI.
The problem is that electromagnetic waves can tell either voice command service to eavesdrop on you, make your phone make calls to a paid number, navigate to infected websites or send spam.
You might want to reconsider next time you’re about to plug your headphones with a microphone into your iPhone or Android smartphone. The hack takes advantage of the microphone or headphones by using them as an antenna for the electrical signals they use to control Siri. So, a hacker using a laptop, can then use an open source radio software, and amplifier and an antenna to transmit radios waves triggering voice commands. The whole setup could be assembled inside a backpack and would have a range of about six and a half feet. But if connected to a larger set of batteries inside a vehicle or van the range can be extended to 16 feet. When it comes to Apple’s Siri and Google Now, it seems that there is a new hack that will be able to make use of radio waves to gain control. “It’s not mandatory to have an always-on voice interface”, says Kasmi.
Of course, security conscious smartphone users probably already know that leaving Siri or Google Now enabled on their phone’s login screen represents a security risk.
They can also send texts to your phone, or post compromising information to social media.
Perhaps a simpler idea to prevent the hack: Researchers recommend both companies let users create their own “wake words” to launch their virtual personal assistants. “That’s the main issue here and the goal of this paper: to point out these failings in the security model”.