A pair of researchers from ANSSI, a French government agency that specializes in information security, have just discovered an alarming loophole that allows hackers to remotely access smartphone virtual assistants like iOS's Siri and Android's Google Now from up to 16 ft. away.
The news comes from Andy Greenberg of Wired Magazine, who detailed the process.
Through radio waves, hackers can infiltrate the target phone or tablet as long as it has a pair of headphones with an accompanying microphone plugged in. These remote transmissions use the connected headphones as an antenna and proceed to fool the device's operating system into thinking that audio signals are coming from the mic. From there, hackers can issue various commands without the owner's knowledge.
Here's just a taste of what they could do according to Wired:
Without speaking a word, a hacker could use that radio attack to tell Siri or Google Now to make calls and send texts, dial the hacker's number to turn the phone into an eavesdropping device, send the phone's browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter.
The article does point out that this exploit has a very narrow window where it can be used. Aside from the headphone and microphone requirement, Both Google Now and Siri have to be enabled for lock screen use.
IOS has Siri in this feature on by default so users looking to avoid this method of infiltration must disable it. Android users have the additional option of letting Google Now only respond to the user's voice.
This discovery is just one of many known exploits aimed at compromising cell phones. Last week, whistle blower Edward Snowden told the BBC that any smartphone could be hacked with a single text message.
