{"id":46993,"date":"2015-10-15T10:33:58","date_gmt":"2015-10-15T17:33:58","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=46993"},"modified":"2015-10-15T15:01:40","modified_gmt":"2015-10-15T22:01:40","slug":"ingenious-attack-shows-how-siri-could-be-hijacked-silently-from-16-feet-away-but-dont-lose-any-sleep","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/ingenious-attack-shows-how-siri-could-be-hijacked-silently-from-16-feet-away-but-dont-lose-any-sleep\/","title":{"rendered":"Ingenious Attack Shows How Siri Could Be Hijacked Silently from 16 Feet Away, but Don’t Lose Any Sleep"},"content":{"rendered":"

\"Siri\"<\/p>\n

It’s been four years since Apple introduced Siri, putting a mini-secretary into every iPhone owners’ pocket.<\/p>\n

I know it’s made my day-to-day life easier \u2014 providing an easy way to reply to an SMS text message while I’m on the move, or letting me set the timer when my fingers are mucky from cooking in the kitchen. But the technology has also been at the heart of a number of security problems, most recently providing a sneaky way to bypass the iOS 9 lock screen<\/a>.<\/p>\n

Well now, French security researchers appear to have uncovered a whole different way in which Siri (and, to be fair, Google Now on Android phones) could potentially be exploited by hackers to hijack control of your smartphone, without you ever realising that any funny business was afoot.<\/p>\n

Now, it’s important to stress that this is a *potential* problem. Although quite ingenious, when you hear the details of just what the researchers had to do, and how the iPhone has to be prepared before a successful attack can proceed, you will probably decide that this particular threat is not one to lose much sleep about.<\/p>\n

But that doesn’t make it any less fascinating.<\/p>\n

In a technical paper<\/a> published by IEEE, a team from the French government’s Network and Information Security Agency (ANSSI), claims to have discovered “a new silent remote voice command injection technique,” which could allow them to control Siri via radio waves from a distance of up to 16 feet, if \u2014 and this is crucial \u2014 a pair of headphones with an\u00a0in-built microphone (such as the standard earbuds shipped by Apple) are plugged into the iPhone.<\/p>\n

Armed with an amplifier, laptop, antenna and Universal Software Radio Peripheral (USRP) radio, attackers could apparently send surreptitious signals, that the headphones’ cord would pick up like an antenna, and converted into the electrical signals understood as speech by the iDevice’s operating system.<\/p>\n

Although somewhat unlikely and impractical, it is quite ingenious.<\/p>\n

No words have been spoken, and yet Siri has received a command.<\/p>\n

Perhaps the most plausible abuse of the French researchers’ discovery would be to order iOS to visit a particular website, hosting a malicious exploit that could infect the phone and install malware. Alternatively, unauthorised messages could be sent from the compromised device.<\/p>\n

In a demonstration video, the researchers showed how they were able to transmit silent commands to an Android Smartphone, forcing it to visit the ANSSI website.<\/p>\n