Hackers may have ability to take over your cellphone

Bad news for Apple fans: researchers in France have discovered a way to silently hack Siri from almost 5 metres away.

Hackers could use radio waves transmitted from the antenna of the headphones to eavesdrop on private conversations, send the device browser to a malware site or shoot spam and phishing messages through email and social media sites – such as Facebook and Twitter – Wired magazine reported. “Everything you can do through the voice interface you can do remotely and discreetly through electromagnetic waves”, at the recent “Hack in Paris” conference.

The exploit isn’t without limitations.

Second, the hack only works if the smart phone owner is using headphones with a microphone. They also said that it can also be easily thwarted as users could notice their phone is receiving non-existent voice commands and cancel the action. Still, the risk isn’t zero. Group director Vincent Strubel chimed in and said, “The sky is the limit here”.

iOS 9 With Siri enabled from the lock screen of an iPhone, anyone with physical access to the device can use Siri to gain access to the device.

By using better shielding on their headphone cords, or by making it impossible to use these voice control features without enabling voice recognition or having to say a password, the potential danger could be neutralised.

This is something we didn’t even imagine to be possible but you know hackers.

Kasmi and Esteves say that a hacker could walk inside an airport or a few other busy public space with the hardware turned on, listening and sending signals to any Apple device with Siri enabled, and headphones plugged in. Zimperium uncovered the massive Stagefright vulnerability in Android phones earlier this year. To disable it, find the Passcode or Touch ID & Passcode part in settings and deactivate Siri below the heading “Allow Access When Locked”.

Granted, most handset owners don’t have wired headphones plugged into them when not in use.

A lot of Android phones don’t have the Google Now voice-activated assistant accessible from the homescreen, as Siri is on the iPhone.

You can see one of their experimental setups above. You have to manually turn on the “OK Google” hotword from any screen, and when you do the phone tunes to your voice.

Once again, this is a complex attack and it is definitely not a pressing concern for most of us. “That’s the main issue here and the goal of this paper: to point out these failings in the security model”.