Researches on the French government’s payroll have discovered a new way to remotely and silently seize control of personal assistants such as Google Now or Microsoft’s Siri installed on a smartphone. The brilliant hacking technique only works within short distances, and requires the target to plug microphone-enabled earphones into a mobile phone. The cyberattack exploits the headphone cord’s doubling as an antenna.
Hackers then send electromagnetic signals to the earphones, which are turned into audio input. Then the mobile device interprets it as normal voice commands.
Researchers Chaouki Kasm and José Lopes Esteves uncovered the hack. They warned that the security vulnerability of voice-command capable handsets could result in critical security issues. In fact, the possibilities are unlimited.
Kasm and Esteves work for the French government agency L’Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI). Its director Vincent Strubel explained that the hacking method could be used in crowded areas such as bars or airports, simultaneously hacking many smart phones in one location, according to The Verge.
However, the hacking method has several limitations. For example, the microphone-enabled earphones must be plugged in, and the user must enable voice commands on the phone’s lock screen. That is the default setting for iPhones, but not several Android devices.
There are other logistical limitations. The hacking range is quite short, and the researchers could only perform it within 6.5 feet (2 meters) when the equipment was tiny enough to fit inside a backpack, according to Wired. When the researchers scaled up the hardware to fit into a car’s interior, the hack’s range was only boosted to 16 feet (4.9 meters).