Bad news for Apple fans: researchers in France have discovered a way to silently hack Siri from nearly 5 metres away.
A team at ANSSI, a French government agency dedicated to information security, have shown that radio waves can be used to silently trigger voice commands on an iPhone that has Siri enabled and also has a pair of headphones with a microphone plugged into its jack.
Without getting too technical, the hack hijacks the headphones’ cord and uses the wire to convert electromagnetic waves into electrical signals, which the phone’s operating system then mistakes for audio coming from the microphone. A hacker could use the exploit to send texts, make calls, access social media accounts and direct the phone’s browser to malware sites. In other words, anything that can be done through the voice interface could potentially be done remotely and discreetly through electromagnetic waves.
The exploit isn’t without limitations. Microphone-enabled headphones must be plugged into the smartphone in order for it to work. And many potential victims would likely notice their phone receiving mysterious voice commands and cancel them before any mischief could be managed. Still, the risk isn’t zero.
The ANSSI researchers say they’ve contacted Apple to share their work and recommend fixes. In the meantime, security conscious smartphone users should disable voice command functions from their lock screens.