Industry News

Hackers Discover Voice Recognition Vulnerability on iOS and Android

Image source: Flickr

A group of French researchers have discovered they can use radio waves to silently trigger voice commands on any Android phone or iPhone that has simultaneously enabled Google Now or Siri and plugged headphones with microphone.

“We exploit the principle of front-door coupling on smartphone headphone cables with specific electromagnetic waveforms,” the researchers said. “Smart usage of intentional electromagnetic interference results in finer impacts on an information system than a classical denial of service effect and, as an outcome, we introduce a new silent remote voice command injection technique on modern smartphones”.

According to Wired, the researchers’ work, which received little notice outside of a few French websites when it was presented at the Hack in Paris conference over the summer, uses a relatively simple collection of equipment: It generates its electromagnetic waves with a laptop running the open-source software GNU Radio, a USRP software-defined radio, an amplifier and an antenna.

In its smallest form, which the researchers say could fit inside a backpack, the setup has a range of around 6.5′. In a more powerful form that requires larger batteries and could only practically fit inside a car or van, the researchers say they could extend the attack’s range to more than 16′.

The researchers’ hack works on phones that have microphone-enabled headphones or earbuds plugged into them. Many Android phones don’t have Google Now enabled from their lockscreen, or have it set to only respond to commands when it recognizes the user’s voice, while on iPhones Siri is enabled from the lockscreen by default, with no such voice identity feature. Attentive victims would likely be able to see that the phone was receiving mysterious voice commands and cancel them before their mischief was complete, according to a paper published by the IEEE and cited by Wired.

The ANSSI researchers said they’ve contacted Apple and Google about their work and recommended fixes.

About the author

Răzvan MUREȘAN

Former business journalist, Razvan is passionate about supporting SMEs into building communities and exchanging knowledge on entrepreneurship. He enjoys having innovative approaches on hot topics and thinks that the massive amount of information that attacks us on a daily basis via TV and internet makes us less informed than we even think. The lack of relevance is the main issue in nowadays environment so he plans to emphasize real news on hotforsecurity.com

2 Comments

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.