1 min read

Hackers Discover Voice Recognition Vulnerability on iOS and Android

Răzvan MUREȘAN

October 15, 2015

Hackers Discover Voice Recognition Vulnerability on iOS and Android

A group of French researchers have discovered they can use radio waves to silently trigger voice commands on any Android phone or iPhone that has simultaneously enabled Google Now or Siri and plugged headphones with microphone.

“We exploit the principle of front-door coupling on smartphone headphone cables with specific electromagnetic waveforms,” the researchers said. “Smart usage of intentional electromagnetic interference results in finer impacts on an information system than a classical denial of service effect and, as an outcome, we introduce a new silent remote voice command injection technique on modern smartphones”.

According to Wired, the researchers’ work, which received little notice outside of a few French websites when it was presented at the Hack in Paris conference over the summer, uses a relatively simple collection of equipment: It generates its electromagnetic waves with a laptop running the open-source software GNU Radio, a USRP software-defined radio, an amplifier and an antenna.

In its smallest form, which the researchers say could fit inside a backpack, the setup has a range of around 6.5′. In a more powerful form that requires larger batteries and could only practically fit inside a car or van, the researchers say they could extend the attack’s range to more than 16′.

The researchers’ hack works on phones that have microphone-enabled headphones or earbuds plugged into them. Many Android phones don’t have Google Now enabled from their lockscreen, or have it set to only respond to commands when it recognizes the user’s voice, while on iPhones Siri is enabled from the lockscreen by default, with no such voice identity feature. Attentive victims would likely be able to see that the phone was receiving mysterious voice commands and cancel them before their mischief was complete, according to a paper published by the IEEE and cited by Wired.

The ANSSI researchers said they’ve contacted Apple and Google about their work and recommended fixes.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

The Perils of Online Dating: Spotting Romance Scammers Before They Break Your Heart and Your Bank Account The Perils of Online Dating: Spotting Romance Scammers Before They Break Your Heart and Your Bank Account
Alina BÎZGĂ

August 05, 2021

3 min read
Google Fixes Five High-Severity Flaws in Chrome 92 for Windows, Mac and Linux Google Fixes Five High-Severity Flaws in Chrome 92 for Windows, Mac and Linux
Filip TRUȚĂ

August 05, 2021

1 min read
Google Drops All Support for Android 2.3.7 and Older Google Drops All Support for Android 2.3.7 and Older
Silviu STAHIE

August 04, 2021

1 min read