These hackers aren’t ventriloquists, but they might have figured out something even cooler.
Researchers at the ANSSI, a French governmental agency that conducts cyber security research, have figured out a way to remotely and silently access mobile concierge services like Siri and Google Now, reports Wired. With microphone-equipped headphones plugged into a phone, the hackers can send radio frequency signals to sound like a person activating Siri or Google Now.
There’s really nothing to worry about here if you have a phone with Siri or Google Now enabled from the lock screen; the likelihood that some malicious hacker could pull off this attack without you knowing is fairly slim.
The hackers use a laptop running a software-defined radio, an amplifier and an antenna to broadcast radio wave signals that are picked up by the cord on the headphones. The phone interprets these electrical signals as someone speaking into a microphone, giving the hackers full access to Siri functions.
Using a simplified, portable setup, the hackers can transmit phone-interpretable signals at a range of six and a half feet, with a larger setup increasing range to 16 feet. The hackers claim the smaller setup can fit and function in a backpack.
As reported by Wired, the hackers describe a scenario in which this was used in a congested area to trick a number of phones into calling a paid hotline. The only other scenario we can think of would be if someone working in a public area left their phone out, with headphones plugged in, while stepping away from their desk. The hackers could then theoretically set up their spoofing device, but it would be much easier just to grab the person’s phone and start messing with it.
The other limiting factor is that many new phones only activate concierge services when the phone’s owner is talking, though a long press on the headphones’ remote button will also activate them. With my iPhone 6S, Siri only turns on when I say “hey, Siri,” but my desk neighbor could just as easily grab my phone and press the button to start sending texts and making calls.
While this attack isn’t much of a threat to iPhone or Android owners, the way it was carried out is fascinating. It also serves as a reminder that concierge services left active on the lock screen aren’t all that secure; whether or not they know it, smartphone users are trading some level of security for convenience.
The researchers suggest that headphone manufacturers add an extra layer of shielding to their cords, but considering the huge swath of headphone makers in the industry, this seems unlikely to ever happen.
So, not ventriloquism, but definitely cooler.