While this probably isn’t something to get too hyper about, we thought we’d let you know about this hack, just because it’s so damned ingenious. The new hack uses an Phone or Android device’s plugged-in headphones to remotely access the device’s built-in voice controls.
Researchers from French government agency ANSSI found they were able to control Apple’s Siri or Android’s Google Now from as far as 16 feet away, according to Wired. The hack is accomplished by using a radio transmitter to tap into a pair of headphones with integrated microphone plugged into the mobile device, using the headphone cable as an antenna.
It has long been known that headphone cables make great radio antennas, and the researchers used this ability to trick an iPhone or Android device into believing the commands it receives are coming from the user, via the connected microphone.
“Without speaking a word, a hacker could use that radio attack to tell Siri or Google Now to make calls and send texts, dial the hacker’s number to turn the phone into an eavesdropping device, send the phone’s browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter.”
In its smallest form, the hack can be pulled off from up to six and half feet away. A more powerful form can pull it off from up to 16 feet away, but that requires the hardware the hack uses to be housed in a car or van.
The hack only works on the iPhone if Siri is enabled from the lock screen, which admittedly is the default setting. It can work with the new always-on “Hey Siri” feature on the new iPhone 6s, as well as spoof the headphone mic button press for older devices.
Users who are concerned about hacks such as this can disable Siri access from the lock screen by opening the Settings app, and tapping, Touch ID & Passcode, and then scrolling down to uncheck Siri under Allow Access When Locked.
They could also make sure not to have headphones plugged into their device when not using them for phone calls or listening to music.