Hackers can control Google Now and Siri through your headphones

apple homekit bug siri idevices switch
Many people love their voice assistants, whether it be Siri, Google Now, or Cortana. However, they may not be the most secure feature on your smartphone. As it turns out, it is possible to control both Siri and Google Now through silent radio signals from as far away as 16 feet. A pair of French information security researchers at ANSSI discovered the trick, Wired reports.

The scenario involves targeting a phone that has microphone-enabled headphones plugged into its headphone jack. The hackers use a laptop with the open-source GNU Radio software onboard, a USRP software-based radio, an amplifier, and an antenna to generate electromagnetic waves. The attacker can then exploit the headphone wire itself, simulating audio to make it seem as though it is coming from the microphone. From there, the attacker can control the phone remotely from as far as 16 feet away and ask the digital assistant to perform any action that it’s capable of doing. That includes making calls, navigating the Web, sending texts, and so on.

Hackers could even turn your phone into a listening device to spy on your communications, send the browser to a site with malware, or issue spam and phishing messages through your email and social media accounts. The simple brilliance of the hack shows once again how hackers can help expose problems with some of the most common and trusted technology.

Of course, the hack does have its limits. Hackers can only target phones that have microphone-equipped headphones or earbuds plugged in. It doesn’t work if users don’t have Google Now enabled from their lockscreens, or if they have Google Now programed to respond only to their voice. Now that Siri only responds to the voice of the phone’s owner in iOS 9 on the iPhone 6S, it won’t work on the new iPhones, either. Additionally, anyone who looks at their phone regularly would probably see unauthorized voice commands being carried out on their phone — it’s not exactly a discrete hack.

Regardless, the researchers have pointed out that it’s still a vulnerability that could be exploited easily, especially in public spaces where people congregate.

To protect users’ phones against hacks, the security community frequently recommends that users disable the voice-activated assistants from appearing on the default screen, though most people aren’t willing to sacrifice the convenience of the feature. Additionally, the researchers suggest that if Apple and Google allowed users to set their own activation word like the Moto X does, hackers wouldn’t be able to activate Siri or Google Now, unless they knew your specific name or phrase. Of course, that’s something the tech giants will have to consider — not the user. In regards to this particular headphone jack hack, the researchers suggest microphone cords with heavier shielding inside.

For some time, security advocates have been preaching about the hackable potential of our phone’s voice-activated digital assistants. Quite recently, an embarrassing hack of the iOS 9 lock screen involved tricking Siri into giving up contacts and other information. That flaw has since been fixed in a recent update, but the question of voice assistant hackability is still a serious one.

Product Review

Chris is the virtual co-pilot phone-obsessives need in their car

Driving while using your phone is dangerous, and often illegal. Meet Chris, the digital assistant for your car that wants to help keep your hands off your phone, and your eyes on the road.
Computing

Microsoft’s Clippy came back from the dead, but didn’t last very long

Before Cortana, Alexa, and Siri even existed, Microsoft Clippy dominated the screens of computers in the 1990s to help assist Microsoft Office users when writing letters. He recently made a bit of a comeback only to die off again.
Smart Home

The best smart locks to increase your home security in 2019

A good smart lock should offer a combination of security and convenience. Fortunately, these devices keep your home protected, your family safe, and your belongings secure from possible intruders.
Cars

Protect yourself and your ride with our favorite dash cams

Dashboard cameras can assist drivers in car accident claims, settle speeding ticket disputes, and even catch glimpses of incoming meteors, among other things. Here, we've compiled a list of the most noteworthy offerings available.
Wearables

Fossil is working on a smartwatch with BMW, and it’s coming next year

Fossil, the watch company that makes smartwatches under its own name and partners with other major brands too, intends to launch a smartwatch with car manufacturer BMW in the future.
Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.
Mobile

Diesel’s denim-inspired smartwatch straps are a casual, colorful must-own

Diesel will release two new versions of the On Full Guard 2.5 smartwatch later this year, with seriously cool, denim-inspired straps in classic Diesel colors. We tried them on at the Baselworld 2019 show.
Movies & TV

Apple’s next big event is set for March 25: Here’s what you can expect

Apple's next big event takes place on March 25 in Cupertino, California. The company is expected to make several announcements related to its services, including Apple TV, so follow our guide to get ready for the big event.
Wearables

Tips and tricks to get you started with your new Fitbit Inspire HR

The Inspire HR may be an entry-level fitness tracker in Fitbit's lineup, but the device still has plenty of features to explore. These are our favorite tips and tricks to help you use the Inspire HR to its fullest potential.
Mobile

How three simple words could be the difference between life and death

What3Words’ app-based address system gives a three-word code to every three-meter-square patch on the planet, with its accuracy and ease of use now catching the attention of first responders in the U.K.
Mobile

The Moto G7 Power, with its massive battery, is now available for purchase

After a number of leaks and rumors, the Motorola Moto G7, Moto G7 Play, and Moto G7 Power are finally here. The devices represent quite a spec bump over the previous-generation Moto G6 phones, yet still come at a reasonable price.
Mobile

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

We're glad to see that USB-C is quickly becoming the norm. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone. We've got USB-C to USB-C and USB-C to USB-A.
Computing

Get ready to say goodbye to some IFTTT support in Gmail by March 31

If This Then That, the popular automation service, will drop some of its support for Gmail by March 31. The decision comes as a response to security concerns and is aimed to protect user data.
Mobile

5G's arrival is transforming tech. Here's everything you need to know to keep up

It has been years in the making, but 5G is finally becoming a reality. While 5G coverage is still extremely limited, expect to see it expand in 2019. Not sure what 5G even is? Here's everything you need to know.