Thursday 5 November 2015

Hackers Can Silently Control Siri from 16 Feet Away

Radio Waves – Silently Trigger Voice Commands


A group of French researchers has observed that although Siri may be your personal assistant, it also listens to other voices and obeys the orders of any hacker who talks to it, and in some cases of one who silently transmits commands by radio from as far as 16 feet away.

A pair of researchers at ANSSI, a French government agency dedicated to information security, have revealed that radio waves can be used to silently trigger voice commands on any Android phone or iPhone that has Google Now or Siri enabled and a pair of headphones with a microphone plugged into its jack.

They cleverly use the headphones' cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone's operating system to be audio coming from the user's microphone.

Without speaking a word, the hacker can use that radio attack to tell Siri or Google Now to make calls and send texts, dial the hacker's number to turn the phone into an eavesdropping device, send spam and phishing messages through email, Facebook or Twitter, or send the phone's browser to a malware site.

Electromagnetic Waves – Laptop Running Open-Source Software GNU Radio


The two French researchers, Jose Lopes Esteves and Chaouki Kasmi, write in a paper published by the IEEE that the possibility of inducing parasitic signals on the audio front-end of voice-command-capable devices could give rise to critical security impacts.

Or, as Vincent Strubel, director of their research group at ANSSI, puts it more simply: the sky is the limit here, and everything that one can do through the voice interface can be done remotely and discreetly through electromagnetic waves.

The researchers' work, which was first presented at the Hack in Paris conference in the summer but received little notice outside a few French websites, uses a relatively simple collection of equipment. It generates its electromagnetic waves with a laptop running the open-source software GNU Radio, a USRP software-defined radio, an amplifier and an antenna.

Minimum Form – Fit in a Backpack/Powerful Form – Fit in Car, Van


According to the researchers, in its minimum form, which could fit in a backpack, their setup has a range of about six and a half feet. In a more powerful form, which requires huge batteries and could practically fit only in a car or van, the researchers state that they could extend the attack's range to over 16 feet.

The researchers' silent voice command hack does, however, have some serious limitations: it works only on phones that have microphone-enabled headphones or earbuds plugged into them. Many Android phones do not have Google Now enabled from their lockscreen, or have it set to respond to commands only when it recognizes the user's voice.

iPhones have Siri enabled from the lockscreen by default; however, the new version of Siri for the iPhone 6s validates the owner's voice, as Google Now does. The other limitation is that attentive users would likely see that the phone is receiving mysterious voice commands and cancel them before the activity has been completed.

Without such security features, Kasmi and Esteves suggest, any smartphone's voice features can represent a security liability, whether from an attacker with the phone in hand or one hidden in the next room.
