A group of French researchers have discovered they can use radio waves to silently trigger voice commands on any Android phone or iPhone that has simultaneously enabled Google Now or Siri and plugged headphones with microphone.
“We exploit the principle of front-door coupling on smartphone headphone cables with specific electromagnetic waveforms,” the researchers said. “Smart usage of intentional electromagnetic interference results in finer impacts on an information system than a classical denial of service effect and, as an outcome, we introduce a new silent remote voice command injection technique on modern smartphones”.
According to Wired, the researchers’ work, which received little notice outside of a few French websites when it was presented at the Hack in Paris conference over the summer, uses a relatively simple collection of equipment: It generates its electromagnetic waves with a laptop running the open-source software GNU Radio, a USRP software-defined radio, an amplifier and an antenna.
In its smallest form, which the researchers say could fit inside a backpack, the setup has a range of around 6.5′. In a more powerful form that requires larger batteries and could only practically fit inside a car or van, the researchers say they could extend the attack’s range to more than 16′.
The researchers’ hack works on phones that have microphone-enabled headphones or earbuds plugged into them. Many Android phones don’t have Google Now enabled from their lockscreen, or have it set to only respond to commands when it recognizes the user’s voice, while on iPhones Siri is enabled from the lockscreen by default, with no such voice identity feature. Attentive victims would likely be able to see that the phone was receiving mysterious voice commands and cancel them before their mischief was complete, according to a paper published by the IEEE and cited by Wired.
The ANSSI researchers said they’ve contacted Apple and Google about their work and recommended fixes.