Siri may do more than just misunderstand your commands. According to a group of French researchers, your personal pocket secretary can be used to send texts, open unsafe websites, and even record entire phone conversations from as far as 16 feet away.
How It Works
Researchers at the French government agency ANSSI found they were able to infiltrate both Android and Apple devices that were equipped with Google Now or Siri when earphones were plugged in.
The hackers were able to use the headphones as an antenna to transmit radio waves to trigger commands on the voice-enabled devices.
Once connected, the researchers found they could silently send voice commands through text, basically giving them carte blanche with your smartphone.
Scarier Than It Sounds
The researchers’ findings were included in a report published in the Institute of Electrical and Electronics Engineers.
While this type of hack depends on a large number of variables (voice command being enabled, headphones being plugged in), Vincent Strubel, the director of research at ANSSI, says:
“The sky is the limit here. Everything you can do through the voice interface you can do remotely and discreetly through electromagnetic waves.”
Little Equipment, Big Threat
This latest revelation is particularly alarming due to how efficiently voice-controlled apps can be hacked. The researchers were able to instantly control Siri with simple equipment that’s small enough to fit in a backpack. All that’s required is a laptop to run a specific type of open-source software, a USRP radio, an amplifier, and a small antenna.
When executed on a mass scale, like an airport or mall, hackers could easily take control of hundreds or even thousands of voice-enabled devices at once.
Not the First Time Siri’s Caused Trouble
This isn’t the first time hackers have found vulnerabilities in voice-enabled devices. Earlier this year researchers found a gaping security hole in Apple’s iOS 9 that let hackers use Siri to access other people’s private data. Prior to that, researchers in Italy found they could extract private info by accessing Siri with a special type of software. And a few years ago experts found Siri leaked private information through a painfully obvious FaceTime glitch.
Tl;dr: Siri’s not very good at keeping secrets.
Stop Your Phone From Leaking Your Info
The researchers have contacted both Google and Apple about the flaw and offered suggestions as to how to improve the security on voice-enabled software.
“To use a phone’s keyboard you need to enter a PIN code. But the voice interface is listening all the time with no authentication,” says Strubel. According to them, simple fixes like adding some a password or particular phrase option to devices like Siri could help protect them from hackers.
In the meantime, make sure your voice-enabled devices are deactivated whenever your headphones are plugged in by going into your phone’s settings and disabling Siri or Google Now from the lock screen.
ExpressVPN’s #WTFWednesday brings you weird, shocking, and creepy stories about data privacy—pulled straight from the news. Think your privacy is yours? Think again. You will feel uncomfortable. You will be outraged. You will think, “WTF?!”