Skip to main content

Hackers can control Google Now and Siri through your headphones

apple homekit bug siri idevices switch
Many people love their voice assistants, whether it be Siri, Google Now, or Cortana. However, they may not be the most secure feature on your smartphone. As it turns out, it is possible to control both Siri and Google Now through silent radio signals from as far away as 16 feet. A pair of French information security researchers at ANSSI discovered the trick, Wired reports.

The scenario involves targeting a phone that has microphone-enabled headphones plugged into its headphone jack. The hackers use a laptop with the open-source GNU Radio software onboard, a USRP software-based radio, an amplifier, and an antenna to generate electromagnetic waves. The attacker can then exploit the headphone wire itself, simulating audio to make it seem as though it is coming from the microphone. From there, the attacker can control the phone remotely from as far as 16 feet away and ask the digital assistant to perform any action that it’s capable of doing. That includes making calls, navigating the Web, sending texts, and so on.

Hackers could even turn your phone into a listening device to spy on your communications, send the browser to a site with malware, or issue spam and phishing messages through your email and social media accounts. The simple brilliance of the hack shows once again how hackers can help expose problems with some of the most common and trusted technology.

Of course, the hack does have its limits. Hackers can only target phones that have microphone-equipped headphones or earbuds plugged in. It doesn’t work if users don’t have Google Now enabled from their lockscreens, or if they have Google Now programed to respond only to their voice. Now that Siri only responds to the voice of the phone’s owner in iOS 9 on the iPhone 6S, it won’t work on the new iPhones, either. Additionally, anyone who looks at their phone regularly would probably see unauthorized voice commands being carried out on their phone — it’s not exactly a discrete hack.

Regardless, the researchers have pointed out that it’s still a vulnerability that could be exploited easily, especially in public spaces where people congregate.

To protect users’ phones against hacks, the security community frequently recommends that users disable the voice-activated assistants from appearing on the default screen, though most people aren’t willing to sacrifice the convenience of the feature. Additionally, the researchers suggest that if Apple and Google allowed users to set their own activation word like the Moto X does, hackers wouldn’t be able to activate Siri or Google Now, unless they knew your specific name or phrase. Of course, that’s something the tech giants will have to consider — not the user. In regards to this particular headphone jack hack, the researchers suggest microphone cords with heavier shielding inside.

For some time, security advocates have been preaching about the hackable potential of our phone’s voice-activated digital assistants. Quite recently, an embarrassing hack of the iOS 9 lock screen involved tricking Siri into giving up contacts and other information. That flaw has since been fixed in a recent update, but the question of voice assistant hackability is still a serious one.

Editors' Recommendations

John Casaretto
Former Digital Trends Contributor
John is the founder of the security company BlackCert, a provider of SSL digital certificates and encryption products. A…
Tired of Google ruining your Fitbit? Look at these 5 alternatives
An Apple Watch, Galaxy Watch 5, and Garmin Forerunner 265 lying on a desk next to each other.

If you own a Fitbit tracker, the last few months have been ... rough, to say the very least. Following Google's acquisition of Fitbit in 2021, the platform has changed a lot. Unfortunately, many of those changes haven't been positive ones.

Earlier this year, mass reports of Fitbit app crashes occurred three times over the span of just a month. Fitbit also recently ended support for older iPhones with iOS 14 or older and — perhaps more damning — killed off Fitbit's most popular social features (including Challenges and Adventures). While Fitbit trackers still have a lot to offer, it's understandable why some people may be looking at what alternatives are available. With features being repeatedly stripped away and app stability at an all-time low, now may be the time to get off the Fitbit ship.

Read more
You can now try out Google’s Bard, the rival to ChatGPT
ChatGPT versus Google on smartphones.

Google has just announced the launch of its conversational AI, Bard. Bard is Google's response to the ever-popular ChatGPT, now in use by Microsoft in its own products.

The tech giant rushed to release Bard, and it is now ready for testing. Google is inviting users to test the AI, but as it notes, it might make mistakes.

Read more
What is Google Assistant? Here’s the guide you need to get started
Using Google Assistant on the Google Pixel Watch.

Artificial intelligence (AI) is huge news right now, thanks to chatbots like ChatGPT -- but did you know you can already access an AI on your Android phone? Google Assistant is Google's AI-powered voice assistant, and it's available on Android, iOS, and a large number of smart devices (like Google's Nest speakers). While not as capable as ChatGPT (yet), Google Assistant can handle an impressive number of tasks — including pausing and resuming songs and videos, making tasks and reminders, and in some cases, even taking and screening phone calls for you.

That may seem like a lot, but Google Assistant is relatively simple to use. If you've never used a voice assistant before, we've got this guide to help you get to grips with it and take your first steps.
What is Google Assistant?

Read more