The following is an excerpt from AMANDA SCHUPAK | October 14, 2015 | CBSNews.com |
Researchers in France have demonstrated they can get Siri to do their bidding while she's nestled not-so-safely in your pocket.
In a paper published by IEEE, Chaouki Kasmi and Esteves Lopes from the French Network and Information Security Agency, created a "silent remote voice command" technique that uses a pair of plugged-in headphones to whisper in Siri's ear without you knowing it. The commands can be sent via radio from as far as 16 feet away, Wired reports.
It also works against Android phones with Google Now enabled.
The hack sends electromagnetic waves from a radio antenna that are picked up by the microphone in headphones or ear buds and converted into digital signals that can command the phone to do a number of things that might be useful to a hacker with an agenda. Kasmi told CBS News an attacker could activate Wi-Fi and Bluetooth to turn the phone into a midrange location tracker, or use the phone for audio spying (that is, eavesdropping), by having it call his own phone, letting everything you say or hear be heard on the other end.
It can also tell the phone to place a call or send a text to a paid service, or post compromising information to social media for the purpose of phishing or damaging your reputation.
And for advanced maneuvers, Kasmi explained, "The exploitation of the voice command interface is used as a first step to further compromise the device: The attacker can force the target to visit a malicious web page which exploits a vulnerability to compromise the target's operating system. As an example one could think of installing a malicious application, or further exploiting vulnerabilities on the wireless interfaces."
The large version of the antenna can send the signal from 16 feet away, according to Wired, while a backpack sized version is powerful enough for a hacker to sidle up within six and a half feet. Making one isn't particularly challenging.
"To design such an emitter, open source software for software-defined radio is publicly available," Kasmi said. "Thus, the design of the source is very simple and cheap with regards to open source software and hardware."
For more visit: CBSNews.com